
WO2015188442A1 - Password management method and device - Google Patents

Password management method and device

Info

Publication number
WO2015188442A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
password
unlock
unlocking
different
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2014/084634
Other languages
English (en)
Chinese (zh)
Inventor
钟卫东
程圣宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Publication of WO2015188442A1
Anticipated expiration
Ceased

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Definitions

  • The present invention relates to the field of password management technologies, and in particular to a password management method and apparatus.
  • Passwords are a widely used technology in the field of computer security.
  • In an operating system, users generally log in with their username and password.
  • In the Windows operating system, when the system is started, the user enters the system by entering a username and password. Different users can have different permissions, and different users can customize their own private desktops. After the system locks the screen, the user needs to enter the system again; if there is no need to switch users, only the password has to be entered.
  • Many applications also use password techniques to protect user privacy and data security, such as gesture locks and application locks on Android phones.
  • The password technology used in the related systems has the following common features: in a multi-user operating system, each user has a certain privilege and desktop; in a single-user operating system or application, after the user enters the system with the corresponding password, the privilege and the desktop are also fixed.
  • Such a password policy is not flexible enough to meet the needs of certain application scenarios.
  • For example, when Manager Zhang is viewing confidential information on a computer (or a terminal such as a mobile phone), a subordinate suddenly comes looking for him. Manager Zhang does not want the subordinate to see the information, so he quickly locks the screen and then talks with the subordinate. However, Manager Zhang and the subordinate then need to view some information on the computer together. If Manager Zhang directly unlocks the screen, the content that he was just viewing will be seen by the subordinate. It can be seen that the related password management system cannot meet Manager Zhang's information security requirements. As another example, a child needs to use his father's mobile phone, but the phone holds information or applications that are not suitable for the child to see. If the father unlocks the phone for the child, the father's privacy may be revealed, or the child may see content that the child should not see. There is no good way to meet the information security and privacy protection requirements of users in different application scenarios.
  • The technical problem to be solved by the present invention is to provide a password management method and device that solve the problem in the related art that information security and privacy protection requirements in different application scenarios are difficult to guarantee.
  • The following technical solutions are used:
  • A password management method, including:
  • Based on the entered unlock password, the user is provided with user rights corresponding to the entered unlock password.
  • The step of configuring at least two unlock passwords for a user includes:
  • The step of providing the user with the user right corresponding to the input unlock password according to the input unlock password includes:
  • In the case that the user inputs the first unlock password, the user is provided with the first user right, and in the case that the user inputs the second unlock password, the user is provided with the second user right.
  • The step of providing the user with the user right corresponding to the input unlock password includes:
  • The user is provided with resources with user rights.
  • The method further includes: setting a resource without user rights to be invisible.
  • The unlock password includes at least one of a text password, a gesture password, a fingerprint password, a facial expression password, and a voice password.
  • A password management device includes a configuration unit, a receiving unit, and a providing unit, where: the configuration unit is configured to: configure at least two unlock passwords for one user, where different unlock passwords correspond to different user rights;
  • The receiving unit is configured to: receive an unlock password input by a user;
  • The providing unit is configured to: provide the user with a user right corresponding to the input unlock password according to the input unlock password.
  • The receiving unit is configured to configure at least two unlock passwords for a user in the following manner: configuring a first unlock password or a second unlock password for a user, wherein the first unlock password corresponds to the first user right, the second unlock password corresponds to the second user right, and the first user right is different from the second user right;
  • The providing unit is arranged to provide the user with a user right corresponding to the entered unlock password as follows:
  • In the case that the user inputs the first unlock password, the user is provided with the first user right, and in the case that the user inputs the second unlock password, the user is provided with the second user right.
  • The providing unit is further configured to provide the user with a user right corresponding to the input unlock password as follows: provide the user with a resource with user rights.
  • The providing unit is arranged to provide the user with resources with user rights as follows: set resources without user rights to be invisible.
  • The unlock password includes at least one of a text password, a gesture password, a fingerprint password, a facial expression password, and a voice password.
  • A user may have at least two unlock passwords, each corresponding to a different user right, and after the user inputs one of the unlock passwords, the user may be provided with the user rights corresponding to the input unlock password. In this way, unlocking with different passwords can provide different user rights to the user, thereby satisfying the information security and privacy protection requirements of the user in different application scenarios.
  • FIG. 1 is a flowchart of a password management method according to an embodiment of the present invention.
  • FIG. 2 is a detailed flowchart of a password management method according to an embodiment of the present invention.
  • FIG. 3 is another detailed flowchart of a password management method according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a password management apparatus according to an embodiment of the present invention.
  • Preferred embodiment of the invention
  • An embodiment of the present invention provides a password management method, including:
  • The user right corresponding to the input unlock password is provided to the user according to the input unlock password.
  • A user may have at least two unlock passwords, and each unlock password corresponds to a different user right.
  • After the user inputs one of the unlock passwords, the user can be provided with the user rights corresponding to the input unlock password, so that unlocking with different passwords provides different user rights, thereby satisfying the information security and privacy protection requirements of the users in different application scenarios.
  • The unlock password may be a password that needs to be input when logging in to the operating system, or a password that needs to be input when using an application or accessing certain system files. Optionally, the unlock password may include one or more of a text password, a gesture password, a fingerprint password, a facial expression password, and a voice password, and may be applied to a personal computer or a mobile terminal such as a mobile phone; the embodiment of the present invention does not limit this.
  • When the password management method of the present invention is applied to an operating system, desktop management, configuration management, user information management, and kernel processing logic can be enhanced on the basis of the related operating systems, and the Application Programming Interface (API) can be expanded.
  • A prompt interface for inputting a user name and a password may be displayed to the user, the information input by the user accepted, and the processed information displayed to the user, and the user should use other information on the desktop.
  • The interface prompting the user to input a password may also have no username input box.
  • Information such as the configured user name, password, user desktop configuration information, and user-associated application permissions can be saved.
  • On the Android platform, only the screen lock and password management module in the security module need to be improved; the user information is saved without special design, and the existing file system functions can meet the requirements.
  • A corresponding design may be required, such as a change in the passwd file format in Linux.
  • A development interface may be left to provide secondary development support for application developers.
  • A permission setting interface for accessing system resources can also be provided, so that the programmer can call these interfaces to develop a multi-password management system for an application, so that the application supports different interfaces and different permissions for different users, or for different passwords of the same user.
  • A Java programming interface can be provided to the application layer in the form of a Framework component.
  • The application layer may also be provided not with a Java interface but with an interface such as C or C++. The embodiment of the present invention is not limited thereto.
  • Providing the user with the corresponding user rights may specifically include: providing the user with a resource with user rights.
  • Resources with user rights may include all resources that the operating system kernel can control, such as the network, file system, camera, applications, and so on.
  • The resource without the user right may be set to be invisible to the user.
  • The operating system desktop is also one of the resources.
  • Information security and privacy protection are essential.
  • Different unlock passwords can correspond to different desktops, so that even if there are some more private files or open web pages on the desktop before the screen is locked, when the unlock password of another user right is used, the more private files or web pages are not displayed on the desktop, thus satisfying the user's information security and privacy protection requirements.
  • One user can have more than two unlock passwords. After unlocking the system with different unlock passwords, different user rights of the system can be obtained. For example, in an embodiment of the present invention, a user has two corresponding unlock passwords, where the first password corresponds to a large user right, which involves a lot of personal privacy, and the second password corresponds to a small user right, which is more convenient to show to others.
  • The step of configuring at least two unlock passwords for a user includes: configuring a first unlock password or a second unlock password for a user, wherein the first unlock password corresponds to the first user right, the second unlock password corresponds to the second user right, and the first user right is different from the second user right. In step S13, providing the user with the user right corresponding to the input unlock password according to the input unlock password specifically includes: providing the first user right to the user when the user inputs the first unlock password, and providing the second user right to the user when the user inputs the second unlock password.
  • FIG. 2 is a flow chart of a password management method in a process of locking and unlocking a mobile terminal, and the method mainly includes the following steps:
  • The gesture lock interface can also be configured to log in using a text password.
  • The fingerprint lock input interface, the expression lock input interface, and the like can also be used.
  • The desktop corresponding to the password input by the user is displayed, and the access permissions of the related applications or system resources are set according to the saved user information data.
  • The applications and system resources that the user is not authorized to execute may be hidden, so that these applications or resources are not displayed on the desktop or in the application management interface. Menu items in pop-up menus that the user is not authorized to execute are also hidden. At this point, the user has logged in to the system successfully.
  • The user performs normal operations on the interface, and the operating system receives the user's operation behavior and judges the legality of the operation. If it is an illegal operation, no effect is produced.
  • Prompt information may be given when the user performs an illegal operation.
  • A legal operation is executed, the execution result is echoed back to the user, and the system then continues to wait for the next operation.
  • On the Android platform, if the user performs a lock screen operation, the system switches to the standby state, and when the user next activates it, the login interface is entered. In other embodiments, when the user locks the screen, it is also possible to switch directly to the login interface instead of entering the standby state.
  • The embodiment shown in FIG. 2 is an example in which the password management method provided by the present invention is applied to an operating system, but the present invention is not limited thereto, and the password management method can also be applied to some specific applications.
  • A program lock can be developed. When an application is encrypted by the lock, the program lock is started first and the user is required to input a password; the user can only start the application by inputting the correct password.
  • The program lock is called application A, and another program encrypted by the program lock is application B.
  • Application A can set multiple passwords for application B, and assign different system resource access rights to each password.
  • Password 1 allows application B to access the network and the camera, while password 2 only allows application B to access the camera and not the network.
  • The password management method applicable to the application includes the following steps:
  • When the user starts application B, the program lock interface is entered first and the user is asked to input a password. Only after the correct password is input can application B be started successfully. After application B is entered, the interfaces corresponding to the different passwords may not differ, but if application B is started with password 1, it can use the network as well as the camera. If it is started with password 2, application B can only use the camera and cannot access the network.
  • A separate program lock application may also not be designed; instead, password management and permission control are all implemented in the same application, and different interfaces may even be set for different passwords.
  • An embodiment of the present invention further provides a password management apparatus.
  • The apparatus includes: a configuration unit 30, a receiving unit 32, and a providing unit 34, where:
  • The configuration unit 30 is configured to: configure at least two unlock passwords for one user, where different unlock passwords respectively correspond to different user rights;
  • The receiving unit 32 is configured to: receive an unlock password input by the user;
  • The providing unit 34 is configured to: provide the user with the user right corresponding to the input unlock password according to the input unlock password.
  • A user may have at least two unlock passwords, and each unlock password corresponds to a different user right.
  • After the receiving unit 32 receives one of the unlock passwords input by the user, the providing unit 34 can provide the user with the user right corresponding to the input unlock password. In this way, by unlocking with different passwords, different user rights can be provided to the user, thereby satisfying the information security and privacy protection requirements of the user in different application scenarios.
  • The unlock password includes at least one of a text password, a gesture password, a fingerprint password, a facial expression password, and a voice password.
  • The providing unit 34 is specifically configured to: provide the user with resources with user rights.
  • The providing unit 34 may be further configured to set a resource without user rights to be invisible.
  • The configuration unit 30 is configured to: configure a first unlock password or a second unlock password for a user, wherein the first unlock password corresponds to the first user right, the second unlock password corresponds to the second user right, and the first user right is different from the second user right. The providing unit 34 may be specifically configured to: provide the first user right to the user when the user inputs the first unlock password, and provide the second user right to the user when the user inputs the second unlock password.
  • A user may have at least two unlock passwords, each corresponding to a different user right, and after the user inputs one of the unlock passwords, the user may be provided with the user rights corresponding to the input unlock password, so that by unlocking with different passwords, users can be provided with different user rights, thus satisfying the user's information security and privacy protection requirements in different application scenarios. Therefore, the present invention has strong industrial applicability.
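
The program-lock embodiment above (application A guarding application B, with password 1 granting network and camera and password 2 granting camera only) can be sketched as follows. This is an added example, not code from the patent; the class names, the PBKDF2 storage scheme and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumption, not from the patent; tune per device


def _derive(password, salt):
    """Slow salted hash so unlock passwords are never stored in clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class Session:
    """Rights granted by one unlock password (the 'providing unit')."""

    def __init__(self, rights, all_resources):
        self.rights = frozenset(rights)
        self.all_resources = frozenset(all_resources)

    def visible_resources(self):
        # Resources without user rights are set to be invisible.
        return sorted(self.all_resources & self.rights)

    def access(self, resource):
        # Hiding alone is not enforcement: every access is checked again.
        return resource in self.rights


class ProgramLock:
    """Hypothetical 'application A' guarding one protected application B."""

    def __init__(self, all_resources):
        self.all_resources = frozenset(all_resources)
        self._records = []  # list of (salt, digest, rights)

    def configure(self, password, rights):
        """The 'configuration unit': bind one unlock password to a rights set."""
        unknown = set(rights) - self.all_resources
        if unknown:
            raise ValueError("unknown resources: %s" % sorted(unknown))
        # Two identical unlock passwords would make the granted rights ambiguous.
        if self._match(password) is not None:
            raise ValueError("unlock password already configured")
        salt = secrets.token_bytes(16)
        self._records.append((salt, _derive(password, salt), frozenset(rights)))

    def _match(self, password):
        found = None
        # Check every record, with no early exit, so the response time does
        # not reveal which slot (and therefore which rights level) matched.
        for salt, digest, rights in self._records:
            if hmac.compare_digest(_derive(password, salt), digest):
                found = rights
        return found

    def unlock(self, password):
        """The 'receiving unit': return a Session, or None if nothing matches."""
        rights = self._match(password)
        return None if rights is None else Session(rights, self.all_resources)


def demo():
    # Constructed sample data mirroring password 1 / password 2 in the text.
    lock = ProgramLock({"network", "camera"})
    lock.configure("constructed-password-1", {"network", "camera"})
    lock.configure("constructed-password-2", {"camera"})
    full = lock.unlock("constructed-password-1")
    limited = lock.unlock("constructed-password-2")
    denied = lock.unlock("not-a-configured-password")
    return full.visible_resources(), limited.visible_resources(), denied


if __name__ == "__main__":
    print(demo())
```

The `access` check matters as much as `visible_resources`: a resource that is only hidden from the interface is still reachable unless each request is checked against the rights of the password that unlocked the session.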

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephone Function (AREA)

Abstract

The present invention relates to the technical field of computers and mobile communication. The present invention provides a password management device and method for solving the problem in the prior art that it is difficult to satisfy information security and privacy protection requirements in different application scenarios. The method comprises the steps of: configuring at least two unlock passwords for a user, different unlock passwords corresponding to different user rights; receiving the unlock password entered by the user; and providing the user with the corresponding user rights according to the entered unlock password. The technical solution can be used in various systems and applications that require login with password authentication.
PCT/CN2014/084634 2014-06-12 2014-08-18 Password management method and device Ceased WO2015188442A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410258800.3A CN105279423A (zh) 2014-06-12 Password management method and device
CN201410258800.3 2014-06-12

Publications (1)

Publication Number Publication Date
WO2015188442A1 (fr) 2015-12-17

Family

ID=54832769

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/084634 Ceased WO2015188442A1 (fr) 2014-06-12 2014-08-18 Password management method and device

Country Status (2)

Country Link
CN (1) CN105279423A (fr)
WO (1) WO2015188442A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3961440A4 (fr) * 2019-05-24 2022-06-15 Huawei Technologies Co., Ltd. Login method for smart terminal, and electronic device
WO2024119722A1 (fr) * 2022-12-05 2024-06-13 中兴通讯股份有限公司 Voice authentication method and apparatus, electronic device and storage medium

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
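CN107133504A (zh) * 2016-02-29 2017-09-05 广州市动景计算机科技有限公司 Permission management system, permission management method and electronic device
CN105701389A (zh) * 2016-03-02 2016-06-22 深圳市智汇十方科技有限公司 Management method and system for a mobile terminal
CN106127077B (zh) * 2016-06-30 2019-04-23 成都中科创达软件有限公司 Method and terminal for protecting user privacy information
CN106599678B (zh) * 2016-12-05 2019-08-30 北京小米移动软件有限公司 Screen unlocking method and device
CN106604278B (zh) * 2016-12-14 2020-10-13 炫彩互动网络科技有限公司 Multi-permission mobile network sharing method
CN107181852A (zh) * 2017-07-19 2017-09-19 维沃移动通信有限公司 Information sending method, information display method and mobile terminal
CN107862186A (zh) * 2017-10-19 2018-03-30 佛山市章扬科技有限公司 Mobile phone unlocking method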

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102970408A (zh) * 2011-08-30 2013-03-13 三星电子株式会社 Apparatus and method for managing applications in a wireless terminal
US20140075551A1 (en) * 2012-09-07 2014-03-13 Samsung Electronics Co., Ltd. Method and apparatus to manage user account of device
CN103699830A (zh) * 2013-12-30 2014-04-02 中科创达软件股份有限公司 Operating system unlocking method and device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
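CN101183468A (zh) * 2006-11-13 2008-05-21 杨文烈 Terminal login system and method
KR101650102B1 (ko) * 2009-09-22 2016-08-23 삼성전자주식회사 Method for providing a user interface of a mobile terminal having a touch screen, and the terminal
CN103793636B (zh) * 2012-11-01 2017-12-22 华为技术有限公司 Device and method for protecting device privacy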

Also Published As

Publication number Publication date
CN105279423A (zh) 2016-01-27

Similar Documents

Publication Publication Date Title
WO2015188442A1 (fr) Password management method and device
KR102454203B1 (ko) Security and permission architecture of a multi-tenant computing system
KR102459199B1 (ko) Security and permission architecture of a multi-tenant computing system
CA2792772C (fr) Dynamically generated perimeters
CN102880820B (zh) Mobile terminal application access method and mobile terminal
EP3295356B1 (fr) Delegated authentication by peripheral device linked to the authentication server
US9098687B2 (en) User and device authentication in enterprise systems
US20120054741A1 (en) User authentication virtual machine
CN112513857A (zh) Personalized cryptographic secure access control in a trusted execution environment
US12184766B2 (en) Systems and methods for non-deterministic multi-party, multi-user sender-receiver authentication and non-repudiatable resilient authorized access to secret data
US9930705B2 (en) Mobile terminal control method, apparatus and system
US10037418B2 (en) Pre-boot authentication credential sharing system
EP3685287A1 (fr) Extensible framework for authentication
CN113221095A (zh) Application protection method and apparatus, electronic device and storage medium
WO2017114210A1 (fr) Security control apparatus and method for a data processing system
WO2015066389A1 (fr) Security method and system for network-capable I/O devices
WO2024206971A1 (fr) Systems and methods for anonymous administrative login
US20140380417A1 (en) Methods And Devices For Controlling Access To Distributed Resources
US20230401299A1 (en) Device access control
US9479492B1 (en) Authored injections of context that are resolved at authentication time
WO2015081678A1 (fr) User interface loading method and apparatus, and thin terminal
US12526286B2 (en) Systems and methods for end user privilege elevation
SABEV et al. CHAPTER EIGHT REQUIREMENTS FOR SECURING USER DATA IN ANDROID APPLICATIONS
CN118862050A (zh) Method, apparatus and product for security management and control of DBus services in the Linux operating system
Barbar et al. A Bluetooth Secure Solution for Accessing Personal Computers

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 14894622; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 14894622; Country of ref document: EP; Kind code of ref document: A1)