
WO2016078294A1 - Method and electronic device for realizing file password lock - Google Patents

Publication number
WO2016078294A1
Authority
WO
WIPO (PCT)
Prior art keywords
value
file
password
password lock
electronic device
Legal status
Ceased
Application number
PCT/CN2015/076099
Other languages
French (fr)
Chinese (zh)
Inventor
张德地
滕凌巧
Current Assignee
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • the present invention relates to a method and an electronic device for implementing a file password lock, and more particularly to a method and an electronic device for implementing a file password lock.
  • the authorization method is also various, including password mode, USBKey mode, SMS authentication mode, serial number authentication mode or license mode.
  • USBKey is a commonly used authorization method with double security features of physical and password, and has high security performance.
  • the password information is bound to the storage carrier and cannot be copied, transmitted, or modified, resulting in poor flexibility and increased physical cost.
  • License is also a common authorization method, mainly to realize the license to use the software system.
  • the license exists in the form of files and has good flexibility.
  • its application scope is mainly limited to the software field, and the users used are limited.
  • the security is not high.
  • the existing authorization method cannot balance flexibility and security, and imposes certain restrictions on the use of users.
  • an embodiment of the present invention provides a method for implementing a file password lock.
  • the file password lock includes a number of times of enabling identification and a number of uses.
  • the method includes a usage count comparison step: if the value of the number-of-times enable identifier indicates that the usage count of the file password lock is allowed to be compared with the usage count in the user registration information table in the electronic device, the two usage count values are compared; when the usage count of the file password lock differs from the usage count in the user registration information table, the client connected to the electronic device is prohibited from matching the electronic device.
  • the embodiment of the present invention further provides an electronic device for implementing a file password lock
  • the electronic device includes a second database and a processor
  • the second database stores program instructions
  • the file password lock includes a number of times of enabling identification and usage times.
  • the processor processes the program instructions to perform a usage count comparison step: if the value of the number-of-times enable identifier indicates that the usage count of the file password lock is allowed to be compared with the usage count in the user registration information table in the electronic device, the two usage count values are compared; when the usage count of the file password lock differs from the usage count in the user registration information table, the client connected to the electronic device is prohibited from matching the electronic device.
  • the implementation method and the electronic device of the file password lock according to the embodiment of the present invention can make the user's authorization mode for the device or the system both flexible and secure.
  • FIG. 1 is a diagram showing the operating environment of a file password lock recognition system 20 in accordance with an embodiment of the present invention.
  • FIG. 2 is a schematic diagram of a component element table of a preferred embodiment of the file password lock of FIG. 1 in accordance with an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of a component element table of a preferred embodiment of the user registration information table of FIG. 1 according to an embodiment of the present invention.
  • FIG. 4 is a functional block diagram of a preferred embodiment of the file password lock recognition system 20 of FIG. 1 in accordance with an embodiment of the present invention.
  • FIG. 5 is a flow chart of a preferred embodiment of a file password lock identification method according to an embodiment of the present invention.
  • FIG. 6 is a functional block diagram of a preferred embodiment of a file password lock management system 22 in accordance with an embodiment of the present invention.
  • FIG. 1 is a diagram showing an operating environment of a file password lock recognition system 20 according to an embodiment of the present invention.
  • the above-described file password lock recognition system 20 operates in the electronic device 2, and the electronic device 2 includes a second database 21 and a file password lock management system 22.
  • the electronic device 2 may be a computer, a server, or a tablet computer, and the electronic device 2 may further include a processor.
  • the user registration information table and the device identifier of the electronic device 2 are stored in the second database 21 described above.
  • the components of the user registration information table include a user serial number, a user identifier, a valid identifier, a usage count, a number of times enable identifier, a password enable identifier, a password, and a permission level (as shown in FIG. 3).
  • the constituent elements of the user registration information table are defined as the first constituent elements; each first constituent element has a corresponding value, and these values are defined as the first element values.
  • the user of the electronic device 2 may be a plurality of users, and each user corresponds to one user identifier.
  • the electronic device 2 communicates with a plurality of clients 1 through a connection manner such as a physical connection or a network connection.
  • the plurality of clients 1 may be a magnetic card, a mobile phone, a USB flash drive, a mobile hard disk, or a tablet computer.
  • Each client 1 includes a first database 10, and the first database 10 stores a file password lock, which is generated by the file password lock management system 22 in the electronic device 2; one file password lock corresponds to one user of the electronic device 2.
  • the file password lock is an encrypted file, and the encrypted file includes a plurality of component elements. As shown in FIG. 2, the component elements include an information identifier, a number-of-times enable identifier, a usage count, a password enable identifier, a password, and a permission level.
  • the constituent elements of the file password lock are defined as the second constituent elements; each second constituent element has a corresponding value, and these values are defined as the second element values.
  • the information identifier in the second component includes the device identifier, the user identifier, and the valid identifier.
  • the corresponding constituent elements of the first component element and the second component element include: a user identifier, a valid identifier, a usage count, a number of times enable identifier, a password enable identifier, a password, and a permission level (as shown in FIG. 2 and FIG. 3).
  • the initial values of the user identifier, the valid identifier, the number of times of use, the number of times enable identifier, the password enable identifier, and the permission level are set to the same value.
  • for example, the valid identifier, usage count, number-of-times enable identifier, password enable identifier, and permission level of the user identifier "zhang" in FIG. 2 have the same initial values as the valid identifier, usage count, number-of-times enable identifier, password enable identifier, and permission level of the user identifier "zhang" in FIG. 3.
  • the password in FIG. 2 is different from the initial value of the corresponding password in FIG. 3: the initial value of the password in FIG. 2 is null, and the initial value of the password in FIG. 3 is not null.
  • the password check of the file password lock can be allowed or prohibited. If it is allowed, the password in the file password lock is compared with the password in the user registration information table to see whether the two passwords are consistent.
  • the above privilege level represents the privilege of the user corresponding to the password lock of the above file, and the privilege level can be divided into two or more levels, and each level represents different privilege.
  • the privilege level is divided into an ordinary user level and a super user level, which respectively correspond to an ordinary user and a super user.
  • the super user completes the configuration of all user information by using the above-mentioned file password lock management system 22. As shown in FIG. 6, the super user can perform maintenance on ordinary users and super users, including adding or deleting users, modifying a user's first element values, and modifying the encryption key of the file password lock; the encryption key is set by the file password lock management system 22 for the file password lock.
  • when the super user adds a user through the file password lock management system 22, the first element value of the user is added to the user registration information table, and a file password lock corresponding to the first element value of the user is generated.
  • when the above superuser passes the above file password lock management system 22
  • the user's file password lock is invalid
  • the super user modifies the user's first through the file password lock management system 22
  • when the super user modifies the encryption key of the file password lock, all file password locks generated by the above super user become invalid, and the file password locks must be regenerated.
  • the super user can regenerate one of the above file password locks for the ordinary user.
  • FIG. 4 is a functional block diagram of a preferred embodiment of the file password lock recognition system 20 of FIG. 1 in accordance with an embodiment of the present invention.
  • the above-mentioned file password lock recognition system 20 includes one or more modules.
  • the file password lock recognition system 20 includes a decryption module 200, an information matching module 201, a number-of-times enabling module 202, a number comparison module 203, a password enabling module 204, a password comparison module 205, and a modification module 206.
  • the decryption module 200 is configured to decrypt the file password lock, using the encryption key set by the file password lock management system 22 for the file password lock.
  • the information matching module 201 is configured to determine whether the value of the information identifier in the file password lock corresponds to the information in the electronic device 2.
  • the information identifier includes a device identifier, a user identifier, and a valid identifier.
  • the value of the above device identifier is an identifier (ID) of the corresponding electronic device 2.
  • the value of the above-mentioned user identification refers to the user name of the user who uses the electronic device 2.
  • the value of the above-mentioned valid identifier indicates whether the above-mentioned file password lock is valid. In this embodiment, the value "0" indicates that the file password lock is valid, and the value "1" indicates that the file password lock is invalid.
  • when the value of the information identifier in the file password lock does not correspond to the information in the electronic device 2, the client 1 cannot match the electronic device 2, and the flow ends.
  • the number-of-times enabling module 202 is configured to determine whether to allow the value of "number of uses" in the first component to be compared with the value of "number of uses" in the second component. In this embodiment, the number-of-times enabling module 202 makes this determination by checking the value of the number-of-times enable identifier in the file password lock. For example, when the value of the number-of-times enable identifier is "1", the number-of-times enabling module 202 determines that comparing the value of "number of uses" in the first component with the value of "number of uses" in the second component is allowed.
  • the number-of-times enabling module 202 determines that comparing the value of "number of uses" in the first component with the value of "number of uses" in the second component is prohibited.
  • the file password lock of the same user in the other clients 1 can be used at the same time. If the value of "number of uses" in the first component of a client 1 is allowed to be compared with the corresponding value of "number of uses" in the second component, the above file password lock is valid only on that client 1, and the file password locks stored in the other clients 1 are invalid. Specifically, after the file password lock in the client 1 is used once, the value of the "number of uses" in the first component corresponding to the client 1 and the "number of uses" in the second component are used.
  • the number comparison module 203 is configured to compare the value of "number of uses" in the first component stored by the client 1 with the value of "number of uses" in the corresponding second component.
  • when the value of "number of uses" in the first component of the client 1 is different from the value of "number of uses" in the corresponding second component, the client 1 cannot match the electronic device 2, and the process ends.
  • the password enabling module 204 is configured to determine whether to allow the value of "password" in the first component of the client 1 to be compared with the value of "password" in the corresponding second component.
  • whether to allow the comparison between the value of "password" in the first component and the value of "password" in the corresponding second component is determined by checking the password enable identifier in the above file password lock. For example, when the value of the component "password enable flag" is "1", the value of "password" in the first component is allowed to be compared with the value of "password" in the corresponding second component. When the value of the component "password enable flag" is "0", the comparison of the value of "password" in the first component with the value of "password" in the corresponding second component is prohibited.
  • the password comparison module 205 is configured to compare the value of "password" in the first component with the value of "password" in the corresponding second component.
  • the value of "password” in the above first element can be provided to the user to input during the process of using the file password lock.
  • the modification module 206 is configured to synchronously modify the value of "number of uses" in the first component and the corresponding value of "number of uses" in the second component, and to re-encrypt the above file password lock for the next use.
  • FIG. 5 is a flowchart of a preferred embodiment of a file password lock identification method according to an embodiment of the present invention.
  • in step S1, the decryption module 200 decrypts the file password lock, using the encryption key set by the file password lock management system 22 for the file password lock.
  • in step S2, it is determined whether the value of the information identifier in the file password lock corresponds to the information in the electronic device 2 described above.
  • the information identifier includes a device identifier, a user identifier, and a valid identifier.
  • the value of the above device identifier is an identifier (ID) of the corresponding electronic device 2.
  • the value of the above-mentioned user identification refers to the user name of the user who uses the electronic device 2.
  • the value of the above-mentioned valid identifier indicates whether the above-mentioned file password lock is valid. In this embodiment, the value "0" indicates that the file password lock is valid, and the value "1" indicates that the file password lock is invalid.
  • step S3 is performed.
  • in step S3, the number-of-times enabling module 202 determines whether the value of "number of uses" in the first component is allowed to be compared with the value of "number of uses" in the second component.
  • the number-of-times enabling module 202 makes this determination by checking the value of the number-of-times enable identifier in the file password lock. For example, when the value of the number-of-times enable identifier is "1", the number-of-times enabling module 202 determines that comparing the value of "number of uses" in the first component with the value of "number of uses" in the second component is allowed.
  • step S4 is performed; when “the number of uses” in the first constituent element is prohibited.
  • step S5 is performed.
  • the file password lock of the same user in the other clients 1 can be used at the same time. If the value of "number of uses" in the first component of a client 1 is allowed to be compared with the value of the corresponding second component "number of uses", the above file password lock is valid only on that client 1, and the file password locks stored in the other clients 1 are invalid. Specifically, after the file password lock in the client 1 is used once, the value of the "number of uses" in the first component corresponding to the client 1 and the "number of uses" in the second component are used.
  • in step S4, the number comparison module 203 compares the value of "number of uses" in the first component stored by the client 1 with the value of "number of uses" in the corresponding second component. When the value of "number of uses" in the first component of the client 1 is different from the value of "number of uses" in the corresponding second component, the client 1 cannot match the electronic device 2, and the process ends.
  • step S5 is performed.
  • in step S5, the password enabling module 204 determines whether the value of "password" in the first component in the client 1 is allowed to be compared with the value of "password" in the corresponding second component. In this embodiment, this determination is made by checking the password enable identifier in the file password lock.
  • when comparing the value of "password" in the first component in the client 1 with the value of "password" in the corresponding second component is allowed, step S6 is performed; when that comparison is prohibited, step S7 is performed.
  • in step S6, the password comparison module 205 compares the value of "password" in the first component with the value of "password" in the corresponding second component.
  • the value of "password” in the above first element can be provided to the user to input during the process of using the file password lock.
  • step S7 is performed; when the value of the "password” in the first component is corresponding to the first
  • in step S7, the modification module 206 synchronously modifies the value of "number of uses" in the first component and the corresponding value of "number of uses" in the second component, and re-encrypts the file password lock for the next use.
  • steps S5 to S6 may be performed before step S3; that is, the value of "password" of the first component may first be compared with the value of "password" of the second component, and then the value of "number of uses" of the first component is compared with the value of "number of uses" of the second component.
  • the user's authorization manner for the device or the system has both flexibility and security.
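
The matching flow of steps S2 to S7 above, as an added Python example that is not part of the patent text; it shows how the usage count check makes a copied lock stale once another copy has been used. Assumptions: the class and field names, the device ID `DEV-0001` and the password value are constructed, "synchronously modify" is modelled as adding one to both counters, the password typed by the user is compared with the registry password, and decryption (S1) and re-encryption (end of S7) are left out because the text names no cipher.

```python
import hmac
from dataclasses import dataclass, replace

VALID = "0"     # page: valid identifier "0" = lock valid, "1" = invalid
ALLOWED = "1"   # page: enable identifier "1" = comparison allowed


@dataclass
class RegistryRow:
    """First constituent elements: one row of the device-side registration table."""
    user_id: str
    valid: str
    use_count: int
    count_enable: str
    password_enable: str
    password: str
    level: str


@dataclass
class LockFile:
    """Second constituent elements: a client-side lock, already decrypted (S1)."""
    device_id: str
    user_id: str
    valid: str
    use_count: int
    count_enable: str
    password_enable: str
    level: str


class Device:
    def __init__(self, device_id, rows):
        self.device_id = device_id
        self.registry = {row.user_id: row for row in rows}

    def issue_lock(self, user_id):
        """Generate a lock whose initial values equal the registry row's values."""
        row = self.registry[user_id]
        return LockFile(self.device_id, row.user_id, row.valid, row.use_count,
                        row.count_enable, row.password_enable, row.level)

    def match(self, lock, typed_password=None):
        """Run S2..S7; return (matched, reason). Counters change only on success."""
        row = self.registry.get(lock.user_id)
        # S2: device identifier, user identifier and valid identifier must correspond.
        if (row is None or lock.device_id != self.device_id
                or lock.valid != VALID or row.valid != VALID):
            return False, "S2: information identifier mismatch"
        # S3/S4: the enable flag is read from the lock, as the text describes.
        if lock.count_enable == ALLOWED and lock.use_count != row.use_count:
            return False, "S4: usage count mismatch"
        # S5/S6: password comparison, done in constant time.
        if lock.password_enable == ALLOWED:
            supplied = (typed_password or "").encode()
            if not hmac.compare_digest(supplied, row.password.encode()):
                return False, "S6: password mismatch"
        # S7: modify both usage counts together (assumed: increment by one).
        new_count = row.use_count + 1
        row.use_count = new_count
        lock.use_count = new_count
        return True, "matched"


def demo():
    """Two clients hold copies of one lock; only the copy that was used stays in sync."""
    device = Device("DEV-0001", [
        RegistryRow("zhang", VALID, 0, ALLOWED, ALLOWED, "constructed-pw", "ordinary")])
    copy_a = device.issue_lock("zhang")
    copy_b = replace(copy_a)  # the same lock stored on a second client
    return [
        device.match(copy_a, "constructed-pw"),  # first use succeeds
        device.match(copy_b, "constructed-pw"),  # stale copy is rejected at S4
        device.match(copy_a, "wrong"),           # wrong password is rejected at S6
        device.match(copy_a, "constructed-pw"),  # counter was not advanced by the failure
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```
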

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

A method for realizing a file password lock, running on an electronic device (2); the file password lock comprises a count enabling identification and usage count; the method comprising the following steps: if comparing a numerical value of the usage count of the file password lock to a numerical value of the usage counts of a user registration information table in the electronic device (2) is allowed according to a numerical value of the count enabling identification, then comparing the numerical value of the usage count of the file password lock to the numerical value of the usage count of the user registration information table; and if the numerical value of the usage count of the file password lock is different from the numerical value of the usage count of the user registration information table, then forbidding a client (1) connected to the electronic device (2) to be matched to the electronic device (2). Also provided is an electronic device (2) for realizing a file password lock. Users are enabled to authorize a device or system in a flexible and safe manner.

Description

Method and electronic device for realizing file password lock

Technical field

The present invention relates to a method and an electronic device for implementing a file password lock.

Background

With the development of information security technology, people pay more and more attention to the security of devices and systems, and the rights to use devices and systems are controlled accordingly. Depending on the usage scenario, there are many authorization methods, including password, USBKey, SMS authentication, serial number authentication, and license methods.

USBKey is a commonly used authorization method. It combines physical and password protection, so its security is high. For the user, however, the password information is bound to the storage carrier and cannot be copied, transmitted, or modified, which makes it inflexible and adds physical cost.

A license is also a common authorization method, mainly used to license the use of a software system. A license exists as a file and is very flexible, but its scope of application is mainly limited to the software field, the users who can use it are limited, and its security is not high.

In summary, the existing authorization methods cannot balance flexibility and security, which imposes certain restrictions on users.

Summary of the invention

In view of the above, it is necessary to provide a method for implementing a file password lock that makes the way people authorize a device or system both flexible and secure.

It is also necessary to provide an electronic device for implementing a file password lock that makes the way people authorize a device or system both flexible and secure.

To solve the above technical problem, an embodiment of the present invention provides a method for implementing a file password lock. The file password lock includes a number-of-times enable identifier and a usage count. The method includes a usage count comparison step: if the value of the number-of-times enable identifier indicates that the usage count of the file password lock is allowed to be compared with the usage count in the user registration information table in the electronic device, the two usage count values are compared; when the usage count of the file password lock differs from the usage count in the user registration information table, the client connected to the electronic device is prohibited from matching the electronic device.

An embodiment of the present invention further provides an electronic device for implementing a file password lock. The electronic device includes a second database and a processor, and the second database stores program instructions. The file password lock includes a number-of-times enable identifier and a usage count. The processor processes the program instructions to perform a usage count comparison step: if the value of the number-of-times enable identifier indicates that the usage count of the file password lock is allowed to be compared with the usage count in the user registration information table in the electronic device, the two usage count values are compared; when the usage count of the file password lock differs from the usage count in the user registration information table, the client connected to the electronic device is prohibited from matching the electronic device.

Compared with the prior art, the method and the electronic device for implementing a file password lock according to the embodiments of the present invention make the way users authorize a device or system both flexible and secure.

Brief description of the drawings

FIG. 1 is a diagram showing the operating environment of a file password lock recognition system 20 in accordance with an embodiment of the present invention.

FIG. 2 is a schematic diagram of a component element table of a preferred embodiment of the file password lock of FIG. 1 in accordance with an embodiment of the present invention.

FIG. 3 is a schematic diagram of a component element table of a preferred embodiment of the user registration information table of FIG. 1 according to an embodiment of the present invention.

FIG. 4 is a functional block diagram of a preferred embodiment of the file password lock recognition system 20 of FIG. 1 in accordance with an embodiment of the present invention.

FIG. 5 is a flow chart of a preferred embodiment of a file password lock identification method according to an embodiment of the present invention.

FIG. 6 is a functional block diagram of a preferred embodiment of a file password lock management system 22 in accordance with an embodiment of the present invention.

具体实施方式detailed description

如图1所示,图1是本发明实施例文件密码锁识别系统20的运行环境图。上述文件密码锁识别系统20运行于电子设备2中,上述电子设备2包括第二数据库21和文件密码锁管理系统22。本实施例中,上述电子设备2可以是计算机、服务器或平板电脑等,上述电子设备2还可以包括一处理器。上述第二数据库21中存储有用户信息注册表和电子设备2的设备标识。本实施例中,上述用户注册信息表的组成要素包括用户序列号、用户标识、有效标识、使用次数、次数使能标识、密码使能标识、密码及权限等级等(如图3所示)。本实施例中,上述用户注册信息表的组成要素定义为第一 组成要素,上述第一组成要素分别有对应的数值,上述对应的数值定义为第一要素值。上述电子设备2的用户可以为多个用户,每个用户对应一个用户标识。As shown in FIG. 1, FIG. 1 is a diagram showing an operating environment of a file password lock recognition system 20 according to an embodiment of the present invention. The above-described file password lock recognition system 20 operates in the electronic device 2, and the electronic device 2 includes a second database 21 and a file password lock management system 22. In this embodiment, the electronic device 2 may be a computer, a server, or a tablet computer, and the electronic device 2 may further include a processor. The user database registry and the device identifier of the electronic device 2 are stored in the second database 21 described above. In this embodiment, the components of the user registration information table include a user serial number, a user identifier, a valid identifier, a usage count, a number of times enable identifier, a password enable identifier, a password, and a permission level (as shown in FIG. 3). In this embodiment, the component of the user registration information table is defined as the first The constituent elements have the corresponding numerical values of the first constituent elements, and the corresponding numerical values are defined as the first constituent values. The user of the electronic device 2 may be a plurality of users, and each user corresponds to one user identifier.

The electronic device 2 communicates with multiple clients 1 through a physical connection, a network connection, or another connection method. In this embodiment, the clients 1 may be magnetic cards, mobile phones, USB flash drives, portable hard disks, tablet computers, or the like. Each client 1 includes a first database 10, which stores a file password lock generated by the file password lock management system 22 in the electronic device 2. One file password lock corresponds to one user of the electronic device 2, and the file password lock of the same user may be stored in the first databases 10 of multiple clients 1. In this embodiment, the file password lock is an encrypted file comprising multiple constituent elements. As shown in FIG. 2, these include an information identifier, a count enable identifier, a use count, a password enable identifier, a password, and a permission level. In this embodiment, the constituent elements of the file password lock are defined as the second constituent elements; each second constituent element has a corresponding value, and these values are defined as the second element values. In this embodiment, the information identifier among the second constituent elements includes a device identifier, a user identifier, and a valid identifier.

The constituent elements that correspond between the first and second constituent elements are: user identifier, valid identifier, use count, count enable identifier, password enable identifier, password, and permission level (as shown in FIG. 2 and FIG. 3). Among these corresponding elements, the initial values of the user identifier, valid identifier, use count, count enable identifier, password enable identifier, and permission level are set to the same values. For example, the valid identifier, use count, count enable identifier, password enable identifier, and permission level for the user identifier "zhang" in FIG. 2 have the same initial values as the valid identifier, use count, count enable identifier, password enable identifier, and permission level for the user identifier "zhang" in FIG. 3. The initial value of the password in FIG. 2, however, differs from that of the corresponding password in FIG. 3: in this embodiment, the initial value of the password in FIG. 2 is null, and the initial value of the password in FIG. 3 is not null.

By configuring the password enable identifier of the file password lock, password comparison for the file password lock can be allowed or prohibited. If password comparison is allowed, the password in the file password lock is compared with the password in the user registration information table to check whether the two passwords are the same.

The permission level represents the permissions held by the user to whom the file password lock corresponds. The permission level may be divided into two or more levels, each representing different permissions. In this embodiment, the permission levels are the ordinary user level and the super user level, corresponding to ordinary users and super users respectively. The super user configures all user information through the file password lock management system 22. As shown in FIG. 6, the super user can maintain ordinary users and super users, including adding or deleting users, modifying a user's first element values, and modifying the encryption key of the file password lock; the encryption key is set for the file password lock by the file password lock management system 22. When the super user adds a user through the file password lock management system 22, that user's first element values are added to the user registration information table, and a file password lock corresponding to that user's first element values is generated at the same time. When the super user deletes a user through the file password lock management system 22, that user's first element values are deleted from the user registration information table, and at the same time that user's file password lock becomes invalid. When the super user modifies a user's first element values through the file password lock management system 22, the file password lock that user held before the modification becomes invalid, and the super user must generate a new file password lock for that user. When the super user modifies the encryption key of the file password lock, all file password locks previously generated by the super user become invalid and must be regenerated. When an ordinary user's file password lock is lost, the super user can regenerate a file password lock for that ordinary user.

As shown in FIG. 4, FIG. 4 is a functional module diagram of a preferred embodiment of the file password lock recognition system 20 of FIG. 1 according to an embodiment of the present invention. The file password lock recognition system 20 includes one or more modules. In this embodiment, it includes a decryption module 200, an information matching module 201, a count enable module 202, a count comparison module 203, a password enable module 204, a password comparison module 205, and a modification module 206.

The decryption module 200 is configured to decrypt the file password lock. The decryption may be performed using the encryption key that the file password lock management system 22 set for the file password lock.

The information matching module 201 is configured to determine whether the value of the information identifier in the file password lock corresponds to the information in the electronic device 2. In this embodiment, the information identifier includes a device identifier, a user identifier, and a valid identifier. The value of the device identifier is the identifier (ID) of the corresponding electronic device 2. The value of the user identifier is the user name of the user of the electronic device 2. The value of the valid identifier indicates whether the file password lock is valid; in this embodiment, the value "0" indicates that the file password lock is valid, and the value "1" indicates that the file password lock is invalid. When the value of the information identifier in the file password lock does not correspond to the information in the electronic device 2, the client 1 cannot match the electronic device 2, and the flow ends.

When the value of the information identifier in the file password lock corresponds to the information in the electronic device 2, the count enable module 202 is configured to determine whether comparing the value of the "use count" among the first constituent elements with the value of the "use count" among the second constituent elements is allowed. In this embodiment, the count enable module 202 makes this determination by checking the value of the count enable identifier in the file password lock. For example, when the value of the count enable identifier is "1", the count enable module 202 determines that comparing the value of the "use count" among the first constituent elements with the value of the "use count" among the second constituent elements is allowed. When the value of the count enable identifier is "0", the count enable module 202 determines that this comparison is prohibited.

When comparing the value of the "use count" among the first constituent elements in a client 1 with the value of the corresponding "use count" among the second constituent elements is prohibited, the file password locks of the same user in other clients 1 can be used at the same time. If this comparison is allowed for a client 1, the file password lock is valid only on that client 1, and the file password locks stored in the other clients 1 become invalid. Specifically, after the file password lock in the client 1 has been used once, the value of the "use count" among the first constituent elements corresponding to that client 1 and the value of the "use count" among the second constituent elements are both incremented by 1. As a result, for the other clients 1 the value of the "use count" among the first constituent elements no longer agrees with the value of the "use count" among the second constituent elements, so the file password locks in those other clients 1 all become invalid. This makes the file password lock unique in use.

When comparing the value of the "use count" among the first constituent elements in a client 1 with the value of the corresponding "use count" among the second constituent elements is allowed, the count comparison module 203 is configured to compare the value of the "use count" among the first constituent elements stored by that client 1 with the value of the "use count" among the corresponding second constituent elements. When the two values are not the same, the client 1 cannot match the electronic device 2, and the flow ends.

When the value of the "use count" among the first constituent elements of the client 1 is the same as the value of the "use count" among the corresponding second constituent elements (for example, the "use count" among the first constituent elements for the user identifier "zhang" in the client 1 is 2, and the "use count" corresponding to the user identifier "zhang" among the second constituent elements is also 2), or when comparing the value of the "use count" among the first constituent elements in a client 1 with the value of the corresponding "use count" among the second constituent elements is prohibited, the password enable module 204 is configured to determine whether comparing the value of the "password" among the first constituent elements in the client 1 with the value of the "password" among the corresponding second constituent elements is allowed. In this embodiment, the comparison of the value of the "password" among the first constituent elements with the value of the "password" among the corresponding second constituent elements is carried out by checking the password in the file password lock. For example, when the value of the constituent element "password enable identifier" is "1", comparing the value of the "password" among the first constituent elements with the value of the "password" among the corresponding second constituent elements is allowed. When the value of the constituent element "password enable identifier" is "0", this comparison is prohibited.

When comparing the value of the "password" among the first constituent elements with the value of the "password" among the corresponding second constituent elements is allowed, the password comparison module 205 is configured to compare the two values. The value of the "password" in the first element may be provided to the user to enter while using the file password lock. When the value of the "password" among the first constituent elements is the same as the value of the "password" among the corresponding second constituent elements, the modification module 206 synchronously modifies the value of the "use count" among the first constituent elements and the value of the corresponding "use count" among the second constituent elements, and re-encrypts the file password lock for the next use.

When the value of the "password" among the first constituent elements differs from the value of the "password" among the corresponding second constituent elements, the client 1 cannot match the electronic device 2, and the flow ends.

As shown in FIG. 5, FIG. 5 is a flowchart of a preferred embodiment of the file password lock identification method according to an embodiment of the present invention.

Step S1: the decryption module 200 decrypts the file password lock. The decryption may be performed using the encryption key that the file password lock management system 22 set for the file password lock.

Step S2: determine whether the value of the information identifier in the file password lock corresponds to the information in the electronic device 2. In this embodiment, the information identifier includes a device identifier, a user identifier, and a valid identifier. The value of the device identifier is the identifier (ID) of the corresponding electronic device 2. The value of the user identifier is the user name of the user of the electronic device 2. The value of the valid identifier indicates whether the file password lock is valid; in this embodiment, the value "0" indicates that the file password lock is valid, and the value "1" indicates that the file password lock is invalid. When the value of the information identifier in the file password lock does not correspond to the information in the electronic device 2, the flow ends. When it does correspond, step S3 is performed.

Step S3: the count enable module 202 determines whether comparing the value of the "use count" among the first constituent elements with the value of the "use count" among the second constituent elements is allowed. In this embodiment, the count enable module 202 does this by checking the value of the count enable identifier in the file password lock. For example, when the value of the count enable identifier is "1", the count enable module 202 determines that the comparison is allowed. When the value of the count enable identifier is "0", the count enable module 202 determines that the comparison is prohibited. When the comparison is allowed, step S4 is performed; when the comparison is prohibited, step S5 is performed.

When comparing the value of the "use count" among the first constituent elements in a client 1 with the value of the corresponding "use count" among the second constituent elements is prohibited, the file password locks of the same user in other clients 1 can be used at the same time. If this comparison is allowed for a client 1, the file password lock is valid only on that client 1, and the file password locks stored in the other clients 1 become invalid. Specifically, after the file password lock in the client 1 has been used once, the value of the "use count" among the first constituent elements corresponding to that client 1 and the value of the "use count" among the second constituent elements are both incremented by 1. As a result, for the other clients 1 the value of the "use count" among the first constituent elements no longer agrees with the value of the "use count" among the second constituent elements, so the file password locks in those other clients 1 all become invalid. This makes the file password lock unique in use.

Step S4: the count comparison module 203 compares the value of the "use count" among the first constituent elements stored by the client 1 with the value of the "use count" among the corresponding second constituent elements. When the two values are not the same, the client 1 cannot match the electronic device 2, and the flow ends. When the two values are the same (for example, the "use count" among the first constituent elements for the user identifier "zhang" in the client 1 is 2, and the "use count" corresponding to the user identifier "zhang" among the second constituent elements is also 2), step S5 is performed.

Step S5: the password enable module 204 determines whether comparing the value of the "password" among the first constituent elements in the client 1 with the value of the "password" among the corresponding second constituent elements is allowed. In this embodiment, this determination is made by checking the password enable identifier in the file password lock. For example, when the value of the constituent element "password enable identifier" is "1", comparing the value of the "password" among the first constituent elements with the value of the "password" among the corresponding second constituent elements is allowed; when the value of the constituent element "password enable identifier" is "0", this comparison is prohibited. When the comparison is allowed, step S6 is performed; when the comparison is prohibited, step S7 is performed.

Step S6: the password comparison module 205 compares the value of the "password" among the first constituent elements with the value of the "password" among the corresponding second constituent elements. The value of the "password" in the first element may be provided to the user to enter while using the file password lock. When the two values are the same, step S7 is performed; when the two values are not the same, the flow ends.

Step S7: the modification module 206 synchronously modifies the value of the "use count" among the first constituent elements and the value of the corresponding "use count" among the second constituent elements, and re-encrypts the file password lock for the next use.

Among the above steps, steps S5 to S6 may be performed before step S3. That is, the value of the "password" of the first constituent elements may first be compared with the value of the "password" of the second constituent elements, and the value of the "use count" of the first constituent elements compared with the value of the "use count" of the second constituent elements afterwards.
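The S1 to S7 flow above, as an added Python example (not code from the patent or its applicant). The patent names no cipher, so `seal`/`unseal` are a standard-library encrypt-then-MAC stand-in; the `Device` class, the field names, and the choice to compare the password the user enters against the registration table are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    # SHA-256 in counter mode: a stdlib stand-in, not the patent's (unnamed) cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, fields):
    """Encrypt-then-MAC the lock fields: nonce || ciphertext || tag."""
    plain = json.dumps(fields, sort_keys=True).encode()
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plain))
    cipher = bytes(a ^ b for a, b in zip(plain, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + cipher, hashlib.sha256).digest()
    return nonce + cipher + tag

def unseal(key, blob):
    """Return the lock fields, or None if the blob was altered or sealed under another key."""
    if len(blob) < 48:
        return None
    nonce, cipher, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(cipher))
    return json.loads(bytes(a ^ b for a, b in zip(cipher, stream)))

class Device:
    """Hypothetical model of electronic device 2 with its user registration table."""

    def __init__(self, device_id, key):
        self.device_id, self.key, self.table = device_id, key, {}

    def add_user(self, user_id, password, count_enable, password_enable, level="ordinary"):
        # valid == 0 means "valid" in the patent's embodiment. The table keeps the
        # password value as the patent describes; a real table would store a salted hash.
        row = {"user_id": user_id, "valid": 0, "use_count": 0,
               "count_enable": count_enable, "password_enable": password_enable,
               "password": password, "level": level}
        self.table[user_id] = row
        # The lock starts with the same values, except that its password is null.
        return seal(self.key, dict(row, device_id=self.device_id, password=None))

    def verify(self, blob, entered_password=None):
        """Run S1 to S7. Returns (ok, reason, re-encrypted lock or None)."""
        lock = unseal(self.key, blob)                                     # S1
        if lock is None:
            return False, "S1 decrypt failed", None
        row = self.table.get(lock["user_id"])                             # S2
        if (row is None or lock["device_id"] != self.device_id
                or lock["valid"] != 0 or row["valid"] != 0):
            return False, "S2 information mismatch", None
        # The enable flags are read from the client-held lock, which is why the
        # blob is authenticated: an altered lock is rejected at S1.
        if lock["count_enable"] == 1 and lock["use_count"] != row["use_count"]:  # S3, S4
            return False, "S4 use count mismatch", None
        if lock["password_enable"] == 1:                                  # S5, S6
            supplied = (entered_password or "").encode()
            if not hmac.compare_digest(supplied, row["password"].encode()):
                return False, "S6 password mismatch", None
        row["use_count"] += 1                                             # S7
        lock["use_count"] += 1
        return True, "matched", seal(self.key, lock)

if __name__ == "__main__":
    dev = Device("dev-001", os.urandom(32))          # constructed sample values
    lock = dev.add_user("zhang", "s3cret", count_enable=1, password_enable=1)
    ok, reason, fresh = dev.verify(lock, "s3cret")
    print("first use:", ok, reason)
    print("stale copy on another client:", dev.verify(lock, "s3cret")[:2])
    print("re-encrypted lock:", dev.verify(fresh, "s3cret")[:2])
```

With the count enable identifier set to 1, the second copy of the same lock is rejected at S4 because only the copy that was used carries the incremented use count.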

The above embodiments are intended only to illustrate, not to limit, the technical solutions of the present invention. Although the present invention has been described in detail with reference to the above preferred embodiments, those of ordinary skill in the art should understand that modifications or equivalent substitutions made to the technical solutions of the present invention should not depart from the spirit and scope of those technical solutions.

Industrial Applicability

Based on the above technical solutions provided by the embodiments of the present invention, the way a user is authorized on a device or system is both flexible and secure.

Claims (14)

一种文件密码锁的实现方法,该方法运行于电子设备上,所述文件密码锁包括次数使能标识和使用次数,所述方法包括:A method for implementing a file password lock, the method running on an electronic device, wherein the file password lock includes a number of times of enabling identification and a number of uses, the method comprising: 使用次数对比步骤,若根据所述次数使能标识的数值得出允许将所述文件密码锁的使用次数的数值与所述电子设备中的用户注册信息表的使用次数的数值进行对比,则将所述文件密码锁的使用次数的数值与所述用户注册信息表的使用次数的数值进行对比,当所述文件密码锁的使用次数的数值与所述用户注册信息表的使用次数数值不相同时,禁止与所述电子设备相连的客户端匹配所述电子设备。The number-of-use comparison step, if the value of the number of times of the number of times the password is allowed to be used is compared with the value of the number of times the user registration information table is used in the electronic device, The value of the number of times the file password lock is used is compared with the value of the number of times the user registration information table is used, when the value of the number of times the file password lock is used is different from the number of times the user registration information table is used. The client connected to the electronic device is prohibited from matching the electronic device. 根据权利要求1所述的一种文件密码锁的实现方法,其中,所述方法还包括:The method for implementing a file password lock according to claim 1, wherein the method further comprises: 修改步骤,当所述文件密码锁的使用次数的数值与所述用户注册信息表的使用次数的数值相同时,将所述文件密码锁的使用次数的数值和所述用户注册信息表的使用次数的数值都增加1。a modifying step of, when the value of the number of times of using the file password lock is the same as the value of the number of times of using the user registration information table, the value of the number of times the file password lock is used and the number of times the user registration information table is used The value of each is increased by 1. 
根据权利要求2所述的一种文件密码锁的实现方法,其中,该方法在所述修改步骤之前,还包括:The method for implementing a file password lock according to claim 2, wherein before the modifying step, the method further comprises: 密码对比步骤,若根据所述文件密码锁中的密码使能标识的数值得出允许将所述文件密码锁中的密码的数值与对应的所述用户注册表中的密码的数值进行对比时,当所述文件密码锁中的密码的数值与对应的所述用户注册信息表中的密码的数值不相同时,禁止与所述电子设备相连的客户端匹配所述电子设备。a password comparison step, if the value of the password enable identifier in the password lock is allowed to compare the value of the password in the password lock with the value of the password in the corresponding user registry, When the value of the password in the file password lock is different from the value of the password in the corresponding user registration information table, the client connected to the electronic device is prohibited from matching the electronic device. 根据权利要求1所述的一种文件密码锁的实现方法,其中,所述文件密码锁的组成要素还包括:信息标识、密码使能标识、密码及权限等级,所述信息标识包括设备标识、用户标识及有效标识,所述用户注册信息表的组成要素包括:用户标识、有效标识、次数使能标识、使用次数、密码使能标识、密码及权限等级。The method for implementing a file password lock according to claim 1, wherein the component of the file password lock further comprises: an information identifier, a password enable identifier, a password, and a permission level, wherein the information identifier includes a device identifier, The user identifier and the valid identifier, the components of the user registration information table include: a user identifier, a valid identifier, a number of times enable identifier, a number of uses, a password enable identifier, a password, and a permission level. 根据权利要求1所述的一种文件密码锁的实现方法,其中,所述文件密码锁存储于客户端上,同一用户的所述文件密码锁存储于多个客户端上。The method for implementing a file password lock according to claim 1, wherein the file password lock is stored on a client, and the file password lock of the same user is stored on a plurality of clients. 
The method for implementing a file password lock according to claim 1, wherein, before the number-of-uses comparison step, the method further comprises: a decryption step of decrypting the file password lock using the encryption key that the file password lock management system preset for the file password lock.

The method for implementing a file password lock according to claim 4, wherein, before the number-of-uses comparison step, the method further comprises the following step: an information matching step of comparing the value of the information identifier of the file password lock with the information in the electronic device, and, when the value of the information identifier of the file password lock is different from the information in the electronic device, prohibiting a client connected to the electronic device from matching the electronic device, wherein the information in the electronic device comprises a device identifier, a user identifier and a valid identifier.

An electronic device for implementing a file password lock, comprising a second database and a processor, wherein the second database stores program instructions, the file password lock comprises a number-of-times enable identifier and a number of uses, and the processor processes the program instructions to perform the following step: a number-of-uses comparison step in which, if the value of the number-of-times enable identifier indicates that the value of the number of uses of the file password lock is allowed to be compared with the value of the number of uses in the user registration information table in the electronic device, the value of the number of uses of the file password lock is compared with the value of the number of uses in the user registration information table, and, when the value of the number of uses of the file password lock is different from the value of the number of uses in the user registration information table, a client connected to the electronic device is prohibited from matching the electronic device.

The electronic device for implementing a file password lock according to claim 8, wherein the processor further performs the following step by processing the program instructions: a modifying step of, when the value of the number of uses of the file password lock is the same as the value of the number of uses in the user registration information table, increasing both the value of the number of uses of the file password lock and the value of the number of uses in the user registration information table by 1.

The electronic device for implementing a file password lock according to claim 9, wherein the processor, by processing the program instructions, further performs the following step before performing the modifying step: a password comparison step in which, if the value of the password enable identifier in the file password lock indicates that the value of the password in the file password lock is allowed to be compared with the value of the password in the corresponding user registry, then, when the value of the password in the file password lock is different from the value of the password in the corresponding user registration information table, a client connected to the electronic device is prohibited from matching the electronic device.

The electronic device for implementing a file password lock according to claim 8, wherein the components of the file password lock further comprise: an information identifier, a password enable identifier, a password and a permission level, the information identifier comprising a device identifier, a user identifier and a valid identifier; and the components of the user registration information table comprise: a user identifier, a valid identifier, a number-of-times enable identifier, a number of uses, a password enable identifier, a password and a permission level.

The electronic device for implementing a file password lock according to claim 8, wherein the file password lock is stored on a client, and the file password lock of the same user is stored on a plurality of clients.

The electronic device for implementing a file password lock according to claim 8, wherein the processor, by processing the program instructions, further performs the following step before performing the number-of-uses comparison step: a decryption step of decrypting the file password lock using the encryption key that the file password lock management system preset for the file password lock.

The electronic device for implementing a file password lock according to claim 11, wherein the processor, by processing the program instructions, further performs the following step before performing the number-of-uses comparison step: an information matching step of comparing the value of the information identifier of the file password lock with the information in the electronic device, and, when the value of the information identifier of the file password lock is different from the information in the electronic device, prohibiting a client connected to the electronic device from matching the electronic device, wherein the information in the electronic device comprises a device identifier, a user identifier and a valid identifier.
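The check order set out in the claims above (information matching, number-of-uses comparison, password comparison, then the modifying step), as an added illustration that is not part of the patent text. The class and field names, the sample values and the constant-time password comparison are assumptions, and the lock is assumed to have been decrypted already.

```python
import hmac
from dataclasses import dataclass, replace

@dataclass
class Lock:                 # file password lock held by a client (assumed layout)
    device_id: str
    user_id: str
    valid: int
    count_enabled: bool     # number-of-times enable identifier
    use_count: int          # number of uses
    password_enabled: bool  # password enable identifier
    password: str

@dataclass
class Registration:         # row of the user registration information table (assumed)
    user_id: str
    valid: int
    use_count: int
    password: str

def match(lock, device_id, reg):
    """Return (allowed, reason); on success both counters are increased by 1."""
    # Information matching step: device, user and valid identifiers must agree.
    if (lock.device_id, lock.user_id, lock.valid) != (device_id, reg.user_id, reg.valid):
        return False, "info mismatch"
    # Number-of-uses comparison step, run only when the enable identifier allows it.
    if lock.count_enabled and lock.use_count != reg.use_count:
        return False, "use count mismatch"
    # Password comparison step, run before the modifying step.
    if lock.password_enabled and not hmac.compare_digest(
            lock.password.encode(), reg.password.encode()):
        return False, "password mismatch"
    # Modifying step: advance both counters so an older copy of the lock goes stale.
    if lock.count_enabled:
        lock.use_count += 1
        reg.use_count += 1
    return True, "ok"

def demo():
    # Constructed sample values, not taken from the patent.
    reg = Registration("alice", 1, 7, "s3cret")
    lock = Lock("dev-01", "alice", 1, True, 7, True, "s3cret")
    stale = replace(lock)   # copy of the lock file taken before the next use
    return [match(lock, "dev-01", reg),    # counts equal, both become 8
            match(stale, "dev-01", reg),   # copy still says 7, refused
            match(lock, "dev-01", reg)]    # original stays in step
```

A copy of the lock taken before a successful match carries the old number of uses, so the comparison step refuses it while the lock that was actually used stays in step with the registration table.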
PCT/CN2015/076099 2014-11-17 2015-04-08 Method and electronic device for realizing file password lock Ceased WO2016078294A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410652940.9 2014-11-17
CN201410652940.9A CN105678178A (en) 2014-11-17 2014-11-17 Method and electronic equipment realizing file coded lock

Publications (1)

Publication Number Publication Date
WO2016078294A1 (en) 2016-05-26

Family

ID=56013178

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/076099 Ceased WO2016078294A1 (en) 2014-11-17 2015-04-08 Method and electronic device for realizing file password lock

Country Status (2)

Country Link
CN (1) CN105678178A (en)
WO (1) WO2016078294A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101329709A (en) * 2008-08-01 2008-12-24 北京航空航天大学 A system and method for data security migration
CN101470778A (en) * 2007-12-28 2009-07-01 Ge医疗系统环球技术有限公司 Method and system for protecting patient data
US20090205017A1 (en) * 2008-02-07 2009-08-13 Canon Kabushiki Kaisha Appropriate control of access right to access a document within set number of accessible times
CN103164661A (en) * 2013-01-30 2013-06-19 北京忆捷信通科技有限公司 Device and method used for managing data in terminal

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103684878B (en) * 2013-12-30 2017-01-25 大唐移动通信设备有限公司 Operating command parameter control method and device

Also Published As

Publication number Publication date
CN105678178A (en) 2016-06-15

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15860796

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15860796

Country of ref document: EP

Kind code of ref document: A1