CN114969789A - Password ciphertext storage and use method and device based on host - Google Patents


Info

Publication number
CN114969789A
CN114969789A
Authority
CN
China
Prior art keywords
file
data file
main program
logic data
host
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210615177.7A
Other languages
Chinese (zh)
Inventor
彭丰华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2022-05-31
Filing date
2022-05-31
Publication date
2022-08-30
Application filed by Bank of China Ltd
Priority to CN202210615177.7A
Publication of CN114969789A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules, to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a host-based method and device for storing and using password ciphertext, in the field of finance. The method comprises the following steps: before the system main program reads the encrypted file, reading and decrypting the encrypted file to obtain a decrypted file; generating a logic data file from the decrypted file according to the requirements of the system main program, wherein the logic data file contains the general information used by the system main program and does not contain confidential information; and providing the logic data file to the system main program, which uses it to carry out the corresponding logic operations. The invention decouples the main program from the encrypted file.

Description

Password ciphertext storage and use method and device based on host
Technical Field
The invention relates to the technical field of finance, in particular to a host-based method and device for storing and using password ciphertext.
Background
This section is intended to provide a background or context to the embodiments of the invention that are recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
Data such as passwords is often encountered in a system and must be stored in encrypted form. The existing implementation is shown in fig. 1:
1. The main system program calls a tool subprogram to decrypt the encrypted file.
2. The decrypted information is read and FTP statements/login statements are generated in the memory of the main program.
3. The main program reads the FTP statement/login statement and performs the subsequent login operation.
This implementation has the following disadvantages:
1. Deep coupling. Although the tool program is a subprogram, the main program calls its interfaces, references, library functions and the like, so when the encryption algorithm is changed the main program is affected as well; the main program and the encrypted file are thus indirectly but deeply coupled.
2. Increased development and testing effort. Since encrypted files are typically used very widely, by many applications, a change involves a great deal of extra development and testing work.
Disclosure of Invention
The embodiment of the invention provides a host-based password ciphertext storage and use method for removing the deep coupling between a main program and an encrypted file, comprising the following steps:
before the system main program reads the encrypted file, reading and decrypting the encrypted file to obtain a decrypted file;
generating a logic data file from the decrypted file according to the requirements of the system main program, wherein the logic data file contains the general information used by the system main program and does not contain confidential information;
and providing the logic data file to the system main program, which uses it to carry out the corresponding logic operations.
The embodiment of the invention also provides a host-based password ciphertext storage and use device for removing the deep coupling between the main program and the encrypted file, the device comprising:
a decryption module for reading and decrypting the encrypted file, before the system main program reads it, to obtain a decrypted file;
a logic data file generating module for generating a logic data file from the decrypted file according to the requirements of the system main program, wherein the logic data file contains the general information used by the system main program and does not contain confidential information;
and an application module for providing the logic data file to the system main program, which uses it to carry out the corresponding logic operations.
The embodiment of the invention also provides computer equipment comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the above host-based password ciphertext storage and use method when executing the computer program.
The embodiment of the invention also provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the above host-based password ciphertext storage and use method.
The embodiment of the invention further provides a computer program product comprising a computer program which, when executed by a processor, implements the above host-based password ciphertext storage and use method.
In the embodiment of the invention, in contrast to the prior-art scheme in which the system main program calls the tool subprogram to decrypt the encrypted file, causing indirect deep coupling between the main program and the encrypted file, the encrypted file is read and decrypted before the system main program reads it, giving a decrypted file; a logic data file is generated from the decrypted file according to the requirements of the system main program, containing the general information used by the main program and no confidential information; and the logic data file is provided to the system main program, which uses it to carry out the corresponding logic operations. Because the logic file generated after decryption contains only the information the system main program requires, when the contents of the encrypted file or the encryption algorithm need to change, only the encrypted file needs to be adjusted and the main program is left unchanged, which decouples the main program from the encrypted file.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts. In the drawings:
FIG. 1 is a flow chart of a main program performing a login function in the prior art;
FIG. 2 is a first flowchart of a method for storing and using password ciphertext based on a host computer according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for storing and using password ciphertext based on a host computer according to an embodiment of the present invention;
FIG. 4 is a flowchart of a method for storing and using password ciphertext based on a host computer according to an embodiment of the present invention;
FIG. 5 is a block diagram of a device for storing and using password ciphertext based on a host according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
To address the problems in the prior art, the invention provides a host-based password ciphertext storage and use method whose flow is shown in fig. 2 and comprises the following steps:
step 201: before the system main program reads the encrypted file, reading and decrypting the encrypted file to obtain a decrypted file;
step 202: generating a logic data file from the decrypted file according to the requirements of the system main program, wherein the logic data file contains the general information used by the system main program and does not contain confidential information;
step 203: providing the logic data file to the system main program, which uses it to carry out the corresponding logic operations.
Specifically, the method may be implemented in a purpose-built tool program, with the flow shown in fig. 3. Before the main program reads anything, the tool program reads the encrypted file, which may hold core information that must be kept secret, such as a user name and password. The tool program decrypts the information in the encrypted file. Having obtained the core information, the tool program generates, according to the requirements of the main program, the logic data file the main program needs, combining the decrypted information with other, non-encrypted auxiliary information (auxiliary information related to the subsequent FTP statement/login statement operation, such as an IP address). The logic data file is no longer an encrypted file and can be used directly by the main program. Its logical name is fixed (the logical name is the agreed interface with the main program), but the physical file name actually generated is random and is known only to the main program and the tool program, which provides the security function. The logic data file contains no encrypted information, only the general information used by the main program, such as FTP login statements and database login statements. Once the logic data file has been generated, the main program uses it to perform functions such as login. Subsequently, when the contents of the encrypted file or the encryption algorithm need to change, the whole system only needs to adjust the encrypted file or the tool program; the main program need not change.
In the embodiment of the present invention, reading and decrypting the encrypted file comprises:
obtaining an authorized key prior to decryption;
and decrypting the encrypted file with the corresponding decryption algorithm using the authorized key.
Specifically, the tool program must be authorized to use the key, and it decrypts the information in the encrypted file with the corresponding decryption algorithm.
In the embodiment of the present invention, as shown in fig. 4, the method further comprises:
step 401: deleting the logic data file after the system main program has used it.
Specifically, the device decouples the main program from the encrypted file and the tool program: however the encryption/decryption part (the tool program) changes, the program logic of the main program is unaffected. The logic data file is generated temporarily by the third-party tool program while the main program runs, its physical file name is random, it is held in exclusive mode (in which it cannot be read by a user) while the main program uses it, and it is deleted immediately after use. The logic data file therefore cannot be found by searching, spends only a short time on disk, and so has the property of confidentiality.
The acquisition, storage, use and processing of data in the technical scheme of the application all conform to the relevant provisions of national laws and regulations.
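The tool-program/main-program split described above (steps 201 to 203 and 401), as an added example in Go that is not part of the patent: the tool decrypts a constructed sample encrypted file through a pluggable decryption function, writes the logic data file under a random physical name with exclusive create and owner-only permissions, and the main program reads it by its fixed logical name and deletes it immediately. AES-GCM, the `user=... pass=...` layout, the `ftp_login` logical name and every key and value in it are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"os"
	"path/filepath"
)

// DecryptFunc is the tool program's only tie to the cipher; the main program never sees it.
type DecryptFunc func(key, blob []byte) ([]byte, error)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aesGCMDecrypt is one concrete algorithm (assumed for the example): blob = nonce || ciphertext+tag.
func aesGCMDecrypt(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("encrypted file too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

// ToolProgram (steps 201-202): decrypt, merge with non-secret auxiliary data, write the
// logic data file under a random physical name, and map the fixed logical name to it.
func ToolProgram(dir string, key, encrypted []byte, decrypt DecryptFunc, aux map[string]string) (map[string]string, error) {
	plain, err := decrypt(key, encrypted)
	if err != nil {
		return nil, err
	}
	content := fmt.Sprintf("FTP_LOGIN host=%s %s", aux["ftp_host"], plain)
	rnd := make([]byte, 16)
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	physical := filepath.Join(dir, fmt.Sprintf("%x", rnd))
	// O_EXCL refuses a pre-existing path; 0600 is the page's "exclusive mode".
	f, err := os.OpenFile(physical, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return nil, err
	}
	_, werr := f.WriteString(content)
	if cerr := f.Close(); werr != nil || cerr != nil {
		os.Remove(physical) // never leave a half-written credential file behind
		return nil, fmt.Errorf("write logic data file: %v / %v", werr, cerr)
	}
	return map[string]string{"ftp_login": physical}, nil
}

// MainProgram (step 401): read the file via the fixed logical name, then delete it at once.
func MainProgram(handoff map[string]string) (string, error) {
	physical := handoff["ftp_login"]
	defer os.Remove(physical)
	data, err := os.ReadFile(physical)
	if err != nil {
		return "", err
	}
	return string(data), nil
}

// RunFlow encrypts a constructed sample credential, runs both halves, and reports
// the login statement and whether the logic data file is gone afterwards.
func RunFlow(dir string) (string, bool, error) {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte key
	gcm, _ := newGCM(key)                            // valid AES-256 key by construction
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // crypto/rand; a failing CSPRNG is not recoverable here anyway
	encrypted := gcm.Seal(nonce, nonce, []byte("user=batchuser pass=s3cr3t"), nil)
	handoff, err := ToolProgram(dir, key, encrypted, aesGCMDecrypt, map[string]string{"ftp_host": "10.0.0.5"})
	if err != nil {
		return "", false, err
	}
	stmt, err := MainProgram(handoff)
	if err != nil {
		return "", false, err
	}
	_, statErr := os.Stat(handoff["ftp_login"])
	return stmt, os.IsNotExist(statErr), nil
}
```

As the page itself describes, the login statement in the logic data file still carries the credential, so its protection rests entirely on the random name, the owner-only permissions and the immediate deletion; the window in which the file exists on disk should be kept as short as the main program allows.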
The embodiment of the invention also provides a host-based password ciphertext storage and use device, described in the following embodiment. Because the principle by which the device solves the problem is similar to that of the host-based password ciphertext storage and use method, the implementation of the device may refer to the implementation of the method, and repeated parts are not described again.
Fig. 5 is a block diagram of the structure of a host-based password ciphertext storage and use apparatus according to an embodiment of the present invention; as shown in fig. 5, the apparatus comprises:
a decryption module 02 for reading and decrypting the encrypted file, before the system main program reads it, to obtain a decrypted file;
a logic data file generation module 04 configured to generate a logic data file from the decrypted file according to the requirements of the system main program, where the logic data file contains the general information used by the system main program and does not contain secret information;
and an application module 06 configured to provide the logic data file to the system main program, which uses it to carry out the corresponding logic operations.
In the embodiment of the present invention, the decryption module is specifically configured to:
obtain an authorized key prior to decryption;
and decrypt the encrypted file with the corresponding decryption algorithm using the authorized key.
In the embodiment of the present invention, the logic data file generating module is specifically configured to:
generate the logic data file from the decrypted information and the non-encrypted auxiliary information in the decrypted file, according to the requirements of the system main program.
In the embodiment of the present invention, the logical name of the logic data file is fixed and its physical file name is random.
In an embodiment of the present invention, the application module is further configured to:
delete the logic data file after the system main program has used it.
The embodiment of the invention also provides computer equipment comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the above host-based password ciphertext storage and use method when executing the computer program.
The embodiment of the invention also provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the above host-based password ciphertext storage and use method.
The embodiment of the invention further provides a computer program product comprising a computer program which, when executed by a processor, implements the above host-based password ciphertext storage and use method.
In the embodiment of the invention, in contrast to the prior-art scheme in which the system main program calls the tool subprogram to decrypt the encrypted file, causing indirect deep coupling between the main program and the encrypted file, the encrypted file is read and decrypted before the system main program reads it, giving a decrypted file; a logic data file is generated from the decrypted file according to the requirements of the system main program, containing the general information used by the main program and no confidential information; and the logic data file is provided to the system main program, which uses it to carry out the corresponding logic operations. Because the logic file generated after decryption contains only the information the system main program requires, when the contents of the encrypted file or the encryption algorithm need to change, only the encrypted file needs to be adjusted and the main program is left unchanged, which decouples the main program from the encrypted file. The logic data file is generated at run time, its physical file name is random, it is held in exclusive mode (in which it cannot be read by a user) during use, and it is deleted immediately after use. The method therefore also has the property of confidentiality.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (13)

1. A host-based method for storing and using password ciphertext, characterized by comprising the following steps:
before the system main program reads the encrypted file, reading and decrypting the encrypted file to obtain a decrypted file;
generating a logic data file from the decrypted file according to the requirements of the system main program, wherein the logic data file contains the general information used by the system main program and does not contain confidential information;
and providing the logic data file to the system main program, which uses it to carry out the corresponding logic operations.
2. The host-based password ciphertext storage and use method of claim 1, wherein reading and decrypting the encrypted file comprises:
obtaining an authorized key prior to decryption;
and decrypting the encrypted file with a corresponding decryption algorithm using the authorized key.
3. The host-based password ciphertext storage and use method of claim 1, wherein generating a logic data file from the decrypted file according to the requirements of the system main program comprises:
generating the logic data file from the decrypted information and the non-encrypted auxiliary information in the decrypted file, according to the requirements of the system main program.
4. The host-based password ciphertext storage and use method of claim 1, wherein the logical name of the logic data file is fixed and its physical file name is random.
5. The host-based password ciphertext storage and use method of claim 1, further comprising:
deleting the logic data file after the system main program has used it.
6. A host-based password ciphertext storage and use apparatus, comprising:
a decryption module for reading and decrypting the encrypted file, before the system main program reads it, to obtain a decrypted file;
a logic data file generating module for generating a logic data file from the decrypted file according to the requirements of the system main program, wherein the logic data file contains the general information used by the system main program and does not contain confidential information;
and an application module for providing the logic data file to the system main program, which uses it to carry out the corresponding logic operations.
7. The host-based password ciphertext storage and use apparatus of claim 6, wherein the decryption module is specifically configured to:
obtain an authorized key prior to decryption;
and decrypt the encrypted file with the corresponding decryption algorithm using the authorized key.
8. The host-based password ciphertext storage and use apparatus of claim 6, wherein the logic data file generating module is specifically configured to:
generate the logic data file from the decrypted information and the non-encrypted auxiliary information in the decrypted file, according to the requirements of the system main program.
9. The host-based password ciphertext storage and use apparatus of claim 6, wherein the logical name of the logic data file is fixed and its physical file name is random.
10. The host-based password ciphertext storage and use apparatus of claim 6, wherein the application module is further configured to:
delete the logic data file after the system main program has used it.
11. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the host-based password ciphertext storage and use method of any one of claims 1 to 5 when executing the computer program.
12. A computer-readable storage medium storing a computer program which, when executed by a processor, implements the host-based password ciphertext storage and use method of any one of claims 1 to 5.
13. A computer program product comprising a computer program which, when executed by a processor, implements the host-based password ciphertext storage and use method of any one of claims 1 to 5.

Priority Applications (1)

Application Number: CN202210615177.7A (CN114969789A)
Priority Date: 2022-05-31
Filing Date: 2022-05-31
Title: Password ciphertext storage and use method and device based on host

Applications Claiming Priority (1)

Application Number: CN202210615177.7A (CN114969789A)
Priority Date: 2022-05-31
Filing Date: 2022-05-31
Title: Password ciphertext storage and use method and device based on host

Publications (1)

Publication Number: CN114969789A
Publication Date: 2022-08-30

Family

ID=82959136

Family Applications (1)

Application Number: CN202210615177.7A (CN114969789A), Pending
Title: Password ciphertext storage and use method and device based on host
Priority Date: 2022-05-31
Filing Date: 2022-05-31

Country Status (1)

Country: CN (1), CN114969789A (en)

Legal Events

Code / Title
PB01 Publication
SE01 Entry into force of request for substantive examination