CN119203117A - Password management method and password management system - Google Patents

Password management method and password management system

Info

Publication number
CN119203117A
Authority
CN
China
Prior art keywords
password
computer
information
equipment
external
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202411621485.6A
Other languages
Chinese (zh)
Inventor
韩征
梁焱超
金钧华
张近交
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ideabank Technology Co ltd
Original Assignee
Ideabank Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ideabank Technology Co ltd
Priority to CN202411621485.6A
Publication of CN119203117A
Pending (current legal status)

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133 Verifying human interaction, e.g., Captcha

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a password management method and a password management system, and relates to the technical field of Internet password management. The system comprises computer equipment and external equipment, wherein the computer equipment is in communication connection with the external equipment through an external interface of the computer equipment. During password-based authentication, the signal interaction and function configuration between the computer equipment and the external equipment address the leakage that password data may suffer during data migration, and greatly enhance data confidentiality. Mandatory asymmetric verification of identity information adds integrity protection and provides non-repudiation.

Description

Password management method and password management system
Technical Field
The invention relates to the technical field of internet password management, in particular to a password management method and a password management system.
Background
Password management techniques are used for web site user name and password storage, and users access web site clients to read information in electronic keys and automatically fill in input boxes.
In the related art, the browser has password storage and automatic filling functions. After the password is input for the first time, it is stored in a local disk storage area, and the user name and the password can be filled in automatically the next time the website is accessed; meanwhile, a logged-in user can remotely synchronize the password information.
However, the synchronization method in the related art is performed based on the computer device itself, and the authentication process of the operator associated with the computer device is not considered, that is, the password automatic storage and calling method in the related art has security holes.
Disclosure of Invention
The invention relates to a password management method and a password management system, which can be combined with external equipment to realize the safe management of passwords, and the technical scheme is as follows:
In one aspect, a password management method is provided, and the password management method is applied to a password management system, wherein the password management system comprises a computer device and an external device;
The computer equipment is in communication connection with the external equipment through an external interface of the computer equipment;
the method comprises the following steps:
The computer equipment generates a password acquisition instruction, wherein the password acquisition instruction comprises a computer identifier corresponding to the computer equipment, and the computer identifier comprises a local feature identifier, a software information identifier and a signature information identifier;
The external device receives the password acquisition instruction, verifies the password acquisition instruction to obtain a password verification result, responds to the password verification result to indicate that the password verification is passed, acquires an instruction analysis result, acquires a password key corresponding to the password acquisition instruction based on the instruction analysis result, and feeds back the password key to the computer device;
The computer equipment receives the password secret key, generates password backup information based on the password secret key and a computer identifier, wherein the password backup information is associated with a password database prestored in the computer equipment, and the computer identifier comprises a local characteristic identifier, a software characteristic identifier and a signature information identifier.
In an alternative embodiment, the password management system further comprises a registrar server;
the register server is respectively in communication connection with the computer equipment and the external equipment;
The method further comprises the steps of:
The registrar server acquires the computer equipment information and the external equipment information, generates a registration public key based on the computer equipment information and the external equipment information, and sends the registration public key to the external equipment; the external equipment receives the registration public key and synchronizes the registration public key to the computer equipment.
In an alternative embodiment, the method further comprises:
the registrar server generates a PIN code associated with the computer device based on the registration public key;
And the computer equipment is used for executing PIN code verification and generating password acquisition instructions in response to passing the PIN code verification.
In an alternative embodiment, the external device verifies the password acquisition instruction to obtain a password verification result, including:
and verifying the password acquisition instruction based on the private key of the password acquisition instruction to obtain a password verification result.
In an alternative embodiment, the computer device is further configured to generate computer device binding information based on the PIN code, and store the computer device binding information.
In an alternative embodiment, a computer device generates password acquisition instructions comprising:
the computer device obtains a password input signal, wherein the password input signal is generated by operating an input window of the browser program, and generates a password obtaining instruction in the password management program through WSS (WebSocket Secure) communication based on the password input signal.
In an alternative embodiment, after the computer device obtains the password input signal, it includes:
the password input signal is extracted by the browser plug-in.
In an alternative embodiment, the external device obtains a password key corresponding to the password obtaining instruction based on the instruction parsing result, including:
The external device obtains password information from a password database of the external storage device based on the instruction analysis result, obtains key pair storage information from a key pair storage database based on the instruction analysis result and the password obtaining instruction, and verifies whether the key pair storage information corresponds based on the key pair storage information and the password information.
In an alternative embodiment, the external device is implemented as a USB device.
On the other hand, a password management system is provided, and comprises a computer device and an external device;
The computer equipment is in communication connection with the external equipment through an external interface of the computer equipment;
the password management system is used for executing the password management method according to any one of the above.
The technical scheme provided by the invention has the beneficial effects that at least:
During password-based authentication, the signal interaction and function configuration between the computer equipment and the external equipment address the leakage that password data may suffer during data migration, and greatly enhance data confidentiality. Mandatory asymmetric verification of identity information adds integrity protection and provides non-repudiation.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram illustrating a password management system according to an exemplary embodiment of the present application.
FIG. 2 is a schematic diagram illustrating another password management system according to an exemplary embodiment of the present application.
FIG. 3 is a schematic diagram illustrating another password management system according to an exemplary embodiment of the present application.
Fig. 4 is a flow chart of a password management method according to an exemplary embodiment of the present application.
Fig. 5 is a schematic flow chart of public and private key generation by a registrar server according to an exemplary embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the embodiments of the present invention will be described in further detail with reference to the accompanying drawings.
FIG. 1 is a schematic diagram of a password management system according to an exemplary embodiment of the present application, please refer to FIG. 1, wherein the password management system includes a computer device 110 and an external device 120, and the computer device is communicatively connected to the external device through an external interface of the computer device;
In one example, the external device is implemented as a USB device, which is connected to the computer device through a USB interface. Alternatively, the computer device is implemented as a device such as a personal computer.
In this case, fig. 2 is a schematic structural diagram of a password management system according to an exemplary embodiment of the present application, and referring to fig. 2, the system includes a computer device 210, an external device 220, and a registrar server 230. The registrar server 230 is a third party server independent of the computer device and the external device, and has a function of registering information of the computer device and the external device. In the embodiment of the application, the registrar server only has interaction relation with the external equipment.
Fig. 3 shows a schematic diagram of another password management system according to an exemplary embodiment of the present application, in which a computer device 310 includes a browser application module 311, a browser plug-in module 312, a password management program module 313, and an information binding module 314, and an external device 320 includes a password database 321, a key pair storage database 322, an interface 323, an encryption algorithm module 324, and a registered public key list storage module 325. The registrar server 230 includes a public key management module 231, a private key management module 232, and a PIN code generation module 323.
Fig. 4 is a flow chart of a password management method according to an exemplary embodiment of the present application, and the method is applied to the system of any one of fig. 1 to fig. 3 for explanation, and includes:
in step 401, a computer device generates a password acquisition instruction.
In the embodiment of the application, the computer equipment is equipment capable of logging in a browser, and the password acquisition instruction can be realized as a login password for a webpage.
In step 402, the computer device sends a password acquisition instruction to the external device.
The process is the sending process of the password acquisition instruction.
In step 403, the external device receives the password acquisition instruction.
Step 404, the external device verifies the password acquisition instruction to obtain a password verification result.
The process is the authenticity verification process of the password acquisition instruction so as to determine the connection correctness of the external equipment and the computer equipment.
Step 405, the external device responds to the password verification result to indicate that the password verification is passed, and obtains an instruction analysis result.
In the embodiment of the application, the instruction analysis result is used for indicating the specific content of the password acquisition instruction of the computer equipment. Optionally, the content corresponds to a browser identification in browser software of the computer device.
In step 406, the external device obtains the password key corresponding to the password obtaining instruction based on the instruction parsing result.
In the embodiment of the application, the external device acquires password information from the password database based on the instruction analysis result, acquires key pair storage information from the key pair storage database based on the instruction analysis result and the password acquisition instruction, and finally generates the password key based on the key pair storage information and the password information. In one example, the key pair storage information is implemented in the form of an address identification of the memory space. Once the key pair storage information and the password information are found to correspond, the password key can be generated.
In step 407, the external device feeds back the password key to the computer device.
The process is the feedback process of the password key.
In step 408, the computer device receives the password key.
In step 409, the computer device generates password backup information based on the password key.
In the embodiment of the application, the password backup information comprises information related to the use of the password key. In the embodiment of the application, the password backup information is associated with a password database pre-stored in the computer device, and the computer identifier comprises a local feature identifier, a software feature identifier and a signature information identifier. In one example, the computer identifier includes a network card MAC value, a CPU serial number, a hard disk serial number, a motherboard serial number, and PUF information.
In some embodiments of the present application, as described above, the registrar server is configured to confirm and implement an association between the computer device and the external device. Fig. 5 shows a schematic flow chart of public and private key generation by a registrar server, and the method is applied to the registrar server for explanation, and the process includes:
step 501, obtaining computer device information and external device information.
In the embodiment of the application, the computer equipment information is associated with the corresponding identifier of the computer, the external equipment information is associated with the identifier of the external equipment, and the computer equipment information and the external equipment information are associated. In the embodiment of the application, the computer equipment information is the information which can not be cloned in the processor and the memory of the computer equipment.
Step 502, generating a registration public key based on the computer device information and the external device information.
In the embodiment of the application, the registration public key comprises a public-private key pair of an identification algorithm and a registration code. The computer equipment information is computer identification, the computer identification is used for carrying out identification algorithm operation, an asymmetric key can be generated, after the registrar server signs through the asymmetric key, a registration public key is generated, and the registration public key can be subjected to private key configuration.
Step 503, sending the registered public key to the external device.
That is, in the embodiment of the present application, in order to ensure the verification security in the communication process, the registrar server sends the registration public key only to the external device for storage. Optionally, when the external device is connected to the computer device and the communication connection between them has been established, the external device is verified, synchronizes the registration public key to the computer device, and generates a corresponding private key for interaction. Optionally, the registration public key is synchronously transmitted to the computer device.
In one example, if the public key is present in the device's registered public key list and the verification succeeds, a successful rights acquisition is returned. The password management program then reads the registration public key from the encrypted area, encrypts a random number R with that public key, and has the result decrypted with the private key held in the specific container of the external device; if the decrypted result is the random number R, the match is correct. At this point, the two parties have recognized each other.
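The recognition step of this example, written out in Go as an added illustration that is not code from the patent: the device first checks its registered public key list, then decrypts the challenge R with the key in its container, and the password manager compares the answer with R. The page names no algorithm, so RSA-OAEP with SHA-256, the fingerprint-based key list, and the names `Provision`, `ExternalDevice`, `Answer` and `Recognize` are assumptions; `Provision` stands in for the registrar server.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"errors"
	"fmt"
)

// oaepLabel ties ciphertexts to this handshake (constructed value).
var oaepLabel = []byte("recognition-challenge-v1")

// ErrNotRegistered: the presented public key is absent from the device's
// registered public key list.
var ErrNotRegistered = errors.New("public key not in registered list")

// ExternalDevice is a hypothetical model of the USB device: a private key in
// its key container plus the registered public key list, kept as SHA-256
// fingerprints of the DER-encoded keys.
type ExternalDevice struct {
	container  *rsa.PrivateKey
	registered map[[32]byte]bool
}

func fingerprint(pub *rsa.PublicKey) [32]byte {
	return sha256.Sum256(x509.MarshalPKCS1PublicKey(pub))
}

// Provision stands in for the registrar server (assumption): it creates the
// key pair, places the private key in the device container, lists the public
// key on the device, and returns the public key that is synced to the computer.
func Provision(bits int) (*ExternalDevice, *rsa.PublicKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, nil, err
	}
	dev := &ExternalDevice{container: key, registered: map[[32]byte]bool{}}
	dev.Register(&key.PublicKey)
	return dev, &key.PublicKey, nil
}

// Register adds a public key to the device's registered public key list.
func (d *ExternalDevice) Register(pub *rsa.PublicKey) {
	d.registered[fingerprint(pub)] = true
}

// Answer is the device side: list check first, then decryption of the
// challenge with the container key.
func (d *ExternalDevice) Answer(pub *rsa.PublicKey, ct []byte) ([]byte, error) {
	if !d.registered[fingerprint(pub)] {
		return nil, ErrNotRegistered
	}
	r, err := rsa.DecryptOAEP(sha256.New(), nil, d.container, ct, oaepLabel)
	if err != nil {
		return nil, fmt.Errorf("challenge decryption failed: %w", err)
	}
	return r, nil
}

// Recognize is the password manager side: encrypt a fresh random R under the
// registration public key and accept only if the device returns exactly R.
func Recognize(pub *rsa.PublicKey, dev *ExternalDevice) (bool, error) {
	r := make([]byte, 32)
	if _, err := rand.Read(r); err != nil {
		return false, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, r, oaepLabel)
	if err != nil {
		return false, err
	}
	got, err := dev.Answer(pub, ct)
	if err != nil {
		return false, err
	}
	// Constant-time comparison avoids leaking how many bytes matched.
	return subtle.ConstantTimeCompare(got, r) == 1, nil
}

func main() {
	devA, pubA, err := Provision(2048)
	if err != nil {
		panic(err)
	}
	_, pubB, err := Provision(2048)
	if err != nil {
		panic(err)
	}
	ok, err := Recognize(pubA, devA)
	fmt.Println("registered key:", ok, err)
	ok, err = Recognize(pubB, devA)
	fmt.Println("unregistered key:", ok, err)
	devA.Register(pubB) // listed, but the container holds a different private key
	ok, err = Recognize(pubB, devA)
	fmt.Println("listed key, wrong container:", ok, err)
}
```

Because `Answer` returns whatever plaintext it recovers, the container key in this sketch should serve the recognition challenge only and not also protect stored secrets.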
In conjunction with the above description, in some embodiments of the application, the registrar server generates a PIN code associated with the computer device based on the registration public key and sends the PIN code to the computer device. In this case, the computer device is configured to perform PIN code verification, and in response to passing the PIN code verification, generate a password acquisition instruction. Meanwhile, in some other embodiments of the present application, the computer device and the external device perform synchronous PIN code verification, so as to further ensure the security of the registration process. In the user interface, the PIN code verification process may be implemented as a single integrated process or as separate processes. It should be noted that the PIN code must be input when the computer device starts the management program; that is, the PIN code is important information for encrypting the password of the local data.
Correspondingly, the external device verifies the password acquisition instruction based on the private key of the external device to obtain a password verification result. In the embodiment of the application, the computer equipment has a local storage function, generates the computer equipment binding information based on the PIN code, and stores the computer equipment binding information.
In the embodiment of the application, the process of generating the password acquisition instruction by the computer equipment comprises the step of receiving a password input signal by the computer equipment, wherein the password input signal is a signal generated by operating an input window of a browser program. In this case, the user will perform a pre-authentication process of the password acquisition instruction by way of inputting a password, that is, the computer device generates the password acquisition instruction in the password management program through WSS communication based on the password input signal.
In this case, the computer device uses the browser plug-in to locate the user name and password input boxes by means of image-based AI recognition, and acquires the password input signal.
In one example, the computer device first traverses the current page to check whether it has an input box; the system then cuts the current page with AI and identifies whether there is a user name input box and a login box, and if so, an icon is added to the box as the user's active click position.
Optionally, after the computer device receives the password input signal, the computer device also extracts the password input signal through a browser plug-in. That is, when the browser plug-in is configured to correspond to the browser, the password input signal is acquired.
It should be noted that, in various embodiments of the present application, the external device is implemented as a USB device.
The foregoing description of the preferred embodiments of the present invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, alternatives, and improvements within the spirit and principles of the present invention.

Claims (7)

1. The password management method is characterized by being applied to a password management system, wherein the password management system comprises computer equipment and external equipment;
wherein the external device is realized as a USB device;
The computer equipment is in communication connection with the external equipment through an external interface of the computer equipment;
the method comprises the following steps:
The computer equipment generates a password acquisition instruction, wherein the password acquisition instruction comprises password verification information;
The external device receives the password acquisition instruction, verifies the password acquisition instruction to obtain a password verification result, responds to the password verification result to indicate that the password verification is passed, acquires an instruction analysis result, acquires a password key corresponding to the password acquisition instruction based on the instruction analysis result, and feeds back the password key to the computer device;
Generating password backup information by combining a computer identifier based on the password key, wherein the password backup information is associated with a password database prestored in the computer device, and the computer identifier comprises a local feature identifier, a software feature identifier and a signature information identifier;
the password management system also comprises a registrar server;
The register server is respectively in communication connection with the computer equipment and the external equipment;
the method further comprises the steps of:
The register server acquires computer equipment information and external equipment information, generates a registration public key based on the computer equipment information and the external equipment information, and sends the registration public key to the external equipment;
the external device receives the registration public key and synchronizes the registration public key with the computer device;
the method further comprises the steps of:
The registrar server generates a PIN code associated with the computer device based on the registration public key;
the computer device is used for executing PIN code verification, and generating the password acquisition instruction in response to passing the PIN code verification.
2. The password management method as claimed in claim 1, wherein the external device verifies the password acquisition instruction to obtain a password verification result, comprising:
And the external device verifies the password acquisition instruction based on the private key of the external device to obtain the password verification result.
3. The password management method according to claim 1, wherein the method further comprises:
The computer equipment generates computer equipment binding information based on the PIN code and stores the computer equipment binding information.
4. The password management method according to claim 1, wherein the computer device generates the password acquisition instruction, comprising:
The computer equipment receives a password input signal, wherein the password input signal is generated by operating an input window of a browser program, and the password acquisition instruction is generated in a password management program through WSS communication based on the password input signal.
5. The password management method of claim 4, wherein after said computer device receives a password input signal, comprising:
and acquiring the password input signal through a browser plug-in program.
6. The password management method according to claim 1, wherein the external device acquires a password key corresponding to the password acquisition instruction based on the instruction parsing result, comprising:
The external device acquires password information from the password database stored by the external device based on the instruction analysis result, acquires key pair storage information from the key pair storage database based on the instruction analysis result and the password acquisition instruction, and verifies whether the key pair storage information corresponds based on the key pair storage information and the password information.
7. The password management system is characterized by comprising computer equipment, external equipment and a registrar server;
The computer equipment is in communication connection with the external equipment through an external interface of the computer equipment;
the register server is respectively in communication connection with the computer equipment and the external equipment;
the password management system is configured to perform the password management method according to any one of claims 1 to 6.
CN202411621485.6A 2024-11-14 2024-11-14 Password management method and password management system Pending CN119203117A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411621485.6A CN119203117A (en) 2024-11-14 2024-11-14 Password management method and password management system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411621485.6A CN119203117A (en) 2024-11-14 2024-11-14 Password management method and password management system

Publications (1)

Publication Number Publication Date
CN119203117A (en) 2024-12-27

Family

ID=94054665

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411621485.6A Pending CN119203117A (en) 2024-11-14 2024-11-14 Password management method and password management system

Country Status (1)

Country Link
CN (1) CN119203117A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106716433A (en) * 2013-10-01 2017-05-24 摩托罗拉移动有限责任公司 Systems and methods for credential management between electronic devices
CN106850228A (en) * 2017-01-11 2017-06-13 北京航空航天大学 A kind of foundation of portable intelligent password management system and operating method
CN107104792A (en) * 2017-04-05 2017-08-29 中国人民大学 A kind of Portable movable password management system and its management method
CN110909336A (en) * 2019-12-20 2020-03-24 上海爱信诺航芯电子科技有限公司 Password management method and device based on fingerprint USB flash disk
CN211669638U (en) * 2020-04-17 2020-10-13 广东电网有限责任公司惠州供电局 Independent password storage safety device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination