
CN104836660A - Password management method and system - Google Patents

Password management method and system

Info

Publication number
CN104836660A
Authority
CN
China
Prior art keywords
password
ciphertext
session key
key
utilizes
Prior art date
Legal status
Pending
Application number
CN201410048642.9A
Other languages
Chinese (zh)
Inventor
柴洪峰
鲁志军
李卷孺
束骏亮
华锦芝
徐泽伟
刘发章
Current Assignee
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Priority date
2014-02-12
Filing date
2014-02-12
Publication date
2015-08-12
Application filed by China Unionpay Co Ltd
Priority to CN201410048642.9A (CN104836660A)
Priority to PCT/CN2015/071726 (WO2015120769A1)
Publication of CN104836660A
Legal status: Pending


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention discloses a password management method which includes transmitting a session key from a first device to a second device using a first communication method, the session key being generated by the first device, and returning a first ciphertext from the second device to the first device using a second communication method, the first ciphertext being obtained by the second device encrypting a protection password with the session key, the protection password being dynamically and randomly generated by the second device. The invention also discloses a password management system.

Description

Password management method and system

Technical field

The present invention relates to the field of password management, and in particular to a password management method and system.

Background art

With the rise of e-commerce in recent years, online trading has become a popular way of doing business, and it has brought transaction risks with it. To make transactions safer, users have to rely on security measures, password entry being one of them, but a password is not an impenetrable wall.

Since passwords are usually chosen by the user, they inevitably carry personal traces. In addition, a user may log in to different accounts with the same password, so if the password of one account leaks, the passwords of the other accounts are at risk of being cracked as well. All of this undermines password security.

To address this problem, the invention patent application No. 201210225542.X, entitled "A password management method and system", proposes a password management method. The method includes: when a user's request for the password of an account is received, randomly generating a password for that account; storing the correspondence between the account and the password; and, when a login event for that account is detected, initiating an operation that outputs the password. By generating passwords randomly, the scheme diversifies passwords and thereby improves information security. Furthermore, when it detects that the user needs to enter a password, it initiates the output of that password, so the user does not need to memorize passwords, which makes password management more convenient. However, the scheme only stores the correspondence between passwords and accounts and gives no consideration to protecting the password during transmission.

The invention patent application No. 201110000718.7, entitled "A password management system and method", proposes a password management system, but that system does not protect the communication channel: as soon as a monitoring program is present, the password leaks, and for an individual user the remote server is not necessarily secure either.

It can be seen that existing password management systems, on the one hand, use Internet servers as the storage medium, so the privacy of personal passwords cannot be effectively guaranteed, and, on the other hand, use conventional network communication for transmission, so that once the transmission channel is monitored, user passwords leak.

Summary of the invention

The present invention proposes a password management method and system with separated communication channels. In the solution of the invention, communication between the PC and the smart terminal (for example a mobile phone) is split into two channels, a two-dimensional code (QR code) channel and a network channel. Separating the channels prevents information from leaking through any single channel and secures the transmission of the password.

According to one aspect of the invention, a password management method is provided, comprising: transmitting a session key from a first device to a second device using a first communication method, the session key being generated by the first device; and returning a first ciphertext from the second device to the first device using a second communication method, the first ciphertext being obtained by the second device encrypting a protection password with the session key, the protection password being dynamically and randomly generated by the second device.

In the above password management method, the first device is a computer plug-in and the second device is mobile phone software.

In the above password management method, transmitting the session key from the first device to the second device using the first communication method comprises: the first device displaying the session key to be transmitted on the computer screen in the form of a two-dimensional code image, and the second device parsing the image data using a two-dimensional code key to obtain the session key, where the two-dimensional code key is shared by the first device and the second device.

In the above password management method, returning the first ciphertext from the second device to the first device using the second communication method comprises: the second device dynamically and randomly generating a protection password and encrypting it with the session key it obtained, thereby generating the first ciphertext; and the second device transmitting the first ciphertext to the first device over a local area network.

The above password management method may further comprise: the first device decrypting the first ciphertext with the session key so as to obtain the protection password.

The above password management method may further comprise: the second device encrypting the protection password with a master key to obtain a second ciphertext and storing it, where the master key is randomly generated by the second device during the initialization procedure.

In the above password management method, the second ciphertext corresponds to the URL of a particular website, so that the second device can retrieve the second ciphertext corresponding to a website by the URL of the website to be visited and from it obtain the protection password.

According to another aspect of the invention, a password management system is provided. The password management system comprises a first device and a second device, where the first device is configured to generate a session key and send it to the second device using a first communication method, and the second device is configured to dynamically and randomly generate a protection password, encrypt the protection password with the session key to obtain a first ciphertext, and return the first ciphertext to the first device using a second communication method.

In the above password management system, the first device is a computer plug-in and the second device is mobile phone software.

In the above password management system, the first device is configured to: display the session key to be transmitted on the computer screen in the form of a two-dimensional code image, and parse the image data using the two-dimensional code key to obtain the session key, where the two-dimensional code key is shared by the first device and the second device.

In the above password management system, the second device is configured to transmit the first ciphertext to the first device over a local area network.

In the above password management system, the first device is further configured to decrypt the received first ciphertext with the session key so as to obtain the protection password.

In the above password management system, the second device is further configured to encrypt the protection password with a master key to obtain a second ciphertext and store the second ciphertext, where the master key is randomly generated by the second device during the initialization procedure.

In the above password management method, the second ciphertext corresponds to the URL of a particular website, so that the second device can retrieve the second ciphertext corresponding to a website by the URL of the website to be visited and from it obtain the protection password.

By adopting the technical solution of the invention, the user's PC no longer stores passwords; it obtains a password from the mobile phone only when the password is needed, which secures password storage. Moreover, because the key is transmitted from the PC to the mobile phone as a two-dimensional code image rather than over conventional network communication, the session key is protected from theft. Furthermore, the generated two-dimensional code image is encrypted and the key changes dynamically, which secures the transmission channel. Password protection in the technical solution of the invention is based on a mobile terminal designated by the user; all data communication is completed locally and no remote server is involved, which ensures that passwords do not leak and keeps them secure. With this solution the user can conveniently and quickly store personal passwords on the designated mobile terminal, which the user carries at all times, making it very convenient to use.

Description of the drawings

After reading the detailed description of the invention with reference to the accompanying drawings, those skilled in the art will understand the various aspects of the invention more clearly. Those skilled in the art should understand that the drawings serve only to illustrate the technical solution of the invention together with the detailed description and are not intended to limit the scope of protection of the invention.

Fig. 1 is a schematic diagram of the initialization procedure of password management according to an embodiment of the invention;

Fig. 2 is a schematic diagram of the password generation procedure according to an embodiment of the invention;

Fig. 3 is a schematic diagram of the password use procedure according to an embodiment of the invention.

Detailed description

The following describes some of the many possible embodiments of the invention. It is intended to provide a basic understanding of the invention, not to identify key or decisive elements of the invention or to define the scope of protection sought. It is readily understood that, following the technical solution of the invention, a person of ordinary skill in the art could propose other, mutually interchangeable implementations without departing from the essential spirit of the invention. The following detailed description and drawings are therefore only an exemplary illustration of the technical solution of the invention and should not be regarded as the whole of the invention or as a limitation or restriction of its technical solution.

According to an embodiment of the invention, a password management system may comprise a first device and a second device. The first device may be configured to generate a session key and send it to the second device using a first communication method. The second device is configured to dynamically and randomly generate a protection password, encrypt it with the session key to obtain a first ciphertext, and return the first ciphertext to the first device using a second communication method.

Because two different communication methods are used to transmit the key and the ciphertext, even if one of the transmission channels (for example the network) is monitored, the password the user wants to protect does not leak, since all that is observed there is the first ciphertext, encrypted under the session key.

To provide network security, the first device and the second device may be located in the same local area network. In addition, the first device may share a two-dimensional code key with the second device in some manner, to be used for encrypting and decrypting the two-dimensional code image, so that even if a malicious program takes a screenshot of the two-dimensional code image and analyses it, the content of the image does not leak.

In a specific embodiment, the first device may be a computer plug-in, for example a plug-in in a PC browser. The second device may be smart terminal software, for example password management software on a mobile phone.

Fig. 1 schematically shows the password initialization procedure according to an embodiment of the invention. First, it is ensured that the PC and the mobile phone are in the same local area network, so that the PC can connect to the mobile phone software over the local network. Next, the PC plug-in sends the two-dimensional code key to the mobile phone software as a probe request. After detecting the probe request, the mobile phone software sends a reply. The mobile phone software then randomly generates a strong password P1, which is used as the master key for encrypted storage of passwords. Finally, the mobile phone software stores the two-dimensional code key. The initialization procedure is then complete.

Fig. 2 schematically shows the password generation procedure according to an embodiment of the invention. As shown in Fig. 2, the PC plug-in and the mobile phone software have been initialized at this point and are working normally. The user opens a website's registration page in the browser. When the browser plug-in detects the registration page, it generates a random session key Key for the URL, generates a custom two-dimensional code image from Key and the URL, and displays it on the screen. Next, the mobile phone software scans the two-dimensional code, parses the image data with the two-dimensional code key, obtains the session key Key, the URL and other information, recognizes that this is a registration request, and extracts Key, the URL and the other information. The mobile phone software then dynamically generates a random strong password P2, encrypts P2 with the master key P1 generated during initialization to obtain the ciphertext S1, and stores the URL and S1 in the database on the mobile phone. After that, the mobile phone software encrypts P2 with the session key Key to obtain the ciphertext S2 and sends S2 to the plug-in. Finally, the plug-in decrypts S2 with the session key Key, obtains P2 and fills the password into the password field of the page.

Fig. 3 schematically shows the password use procedure according to an embodiment of the invention. The user opens a website's login page in the browser. When the browser plug-in detects the login page, it generates a random session key Key, generates a two-dimensional code image from Key and the URL, and displays the image on the screen. Next, the mobile phone software scans the two-dimensional code, parses the image data with the two-dimensional code key, obtains the session key Key, the URL and other information, recognizes that this is a login request, and extracts Key and the URL from the request. The mobile phone software can then retrieve from its database, by the URL, the ciphertext S1 corresponding to the password, decrypt S1 into plaintext with the master key P1, and encrypt the plaintext with the session key Key to generate the ciphertext S2. The mobile phone software then transmits S2 to the browser plug-in; the plug-in receives S2 and decrypts it with the session key to obtain the password. Finally, the plug-in fills the password into the password field of the page.
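The three procedures of Figs. 1 to 3 (initialization, registration, login) as one added Go example; this is not code from the patent or from China UnionPay. The patent names neither the cipher nor the layout of the data inside the QR image, so AES-256-GCM, the payload layout Key || kind || "\n" || URL, and using the site URL as the storage key are assumptions made here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)
// The patent names no cipher; AES-256-GCM stands in. Every key here is 32 bytes, so the constructors cannot fail.
func gcm(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	a, _ := cipher.NewGCM(block)
	return a
}

// seal returns nonce||ciphertext||tag for plaintext under key.
func seal(key, plaintext []byte) []byte {
	a := gcm(key)
	nonce := random(a.NonceSize())
	return a.Seal(nonce, nonce, plaintext, nil)
}

// open reverses seal and fails on a wrong key or any tampering.
func open(key, blob []byte) ([]byte, error) {
	a := gcm(key)
	if n := a.NonceSize(); len(blob) >= n {
		return a.Open(nil, blob[:n], blob[n:], nil)
	}
	return nil, fmt.Errorf("ciphertext too short")
}

func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failed CSPRNG is not recoverable here
	}
	return b
}

type (
	Plugin struct{ qrKey, sessionKey []byte } // first device: PC browser plug-in; sessionKey is Key
	Phone  struct {                           // second device: password manager app on the phone
		qrKey, masterKey []byte            // QR key agreed in Fig. 1; masterKey is P1
		store            map[string][]byte // URL -> S1 = Enc(P1, P2)
	}
)

// Initialize models Fig. 1: the plug-in's LAN probe carries the QR key; the phone keeps it and generates P1.
func Initialize() (*Plugin, *Phone) {
	qrKey := random(32)
	return &Plugin{qrKey: qrKey},
		&Phone{qrKey: qrKey, masterKey: random(32), store: map[string][]byte{}}
}

// ShowQR (plug-in side of Fig. 2/3): fresh Key, then Key, kind and URL sealed under the QR key; a screenshot yields only this ciphertext.
func (p *Plugin) ShowQR(url, kind string) []byte {
	p.sessionKey = random(32)
	payload := append(append([]byte{}, p.sessionKey...), kind+"\n"+url...)
	return seal(p.qrKey, payload)
}

// ScanQR (phone side): recover Key, kind and URL with the QR key, then register (generate P2, store
// S1 = Enc(P1, P2)) or log in (look up S1, recover P2 with P1). Only S2 = Enc(Key, P2) goes out.
func (ph *Phone) ScanQR(qr []byte) ([]byte, error) {
	payload, err := open(ph.qrKey, qr)
	if err != nil || len(payload) < 32 {
		return nil, fmt.Errorf("QR code rejected (wrong QR key or malformed): %v", err)
	}
	kind, url, _ := bytes.Cut(payload[32:], []byte("\n"))
	var p2 []byte
	switch string(kind) {
	case "register":
		p2 = []byte(base64.StdEncoding.EncodeToString(random(18))) // 24-character strong password
		ph.store[string(url)] = seal(ph.masterKey, p2)             // S1
	case "login":
		s1, ok := ph.store[string(url)]
		if !ok {
			return nil, fmt.Errorf("no password stored for %s", url)
		}
		if p2, err = open(ph.masterKey, s1); err != nil {
			return nil, err
		}
	default:
		return nil, fmt.Errorf("unknown request kind %q", kind)
	}
	return seal(payload[:32], p2), nil // S2 under the session key
}

// Receive (last step): the plug-in decrypts S2 with its single-use session key and would fill it into the page's password field.
func (p *Plugin) Receive(s2 []byte) (string, error) {
	if len(p.sessionKey) != 32 {
		return "", fmt.Errorf("no request pending")
	}
	pw, err := open(p.sessionKey, s2)
	p.sessionKey = nil
	return string(pw), err
}
```

A network observer sees only S2, the phone's database holds only S1, and a screenshot of the QR image yields only ciphertext under the QR key, which is the separation the description relies on.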

By adopting the technical solution of the invention, the user's PC no longer stores passwords; it obtains a password from the mobile phone only when the password is needed, which secures password storage. Moreover, because the key is transmitted from the PC to the mobile phone as a two-dimensional code image rather than over conventional network communication, the session key is protected from theft. Furthermore, the generated two-dimensional code image is encrypted and the key changes dynamically, which secures the transmission channel. Password protection in the technical solution of the invention is based on a mobile terminal designated by the user; all data communication is completed locally and no remote server is involved, which ensures that passwords do not leak and keeps them secure. With this solution the user can conveniently and quickly store personal passwords on the designated mobile terminal, which the user carries at all times, making it very convenient to use.

Specific embodiments of the invention have been described above with reference to the accompanying drawings. However, those of ordinary skill in the art will understand that various changes and substitutions can be made to the specific embodiments of the invention without departing from its spirit and scope. All such changes and substitutions fall within the scope defined by the claims of the invention.

Claims (14)

1. A password management method, comprising:
transmitting a session key from a first device to a second device using a first communication method, wherein the session key is generated by the first device; and
returning a first ciphertext from the second device to the first device using a second communication method, wherein the first ciphertext is obtained by the second device encrypting a protection password with the session key, and the protection password is dynamically and randomly generated by the second device.
2. The password management method as claimed in claim 1, wherein the first device is a computer plug-in and the second device is smart terminal software.
3. The password management method as claimed in claim 2, wherein transmitting the session key from the first device to the second device using the first communication method comprises:
the first device displaying the session key to be transmitted on the computer screen in the form of a two-dimensional code image, and
the second device parsing the image data using a two-dimensional code key, thereby obtaining the session key,
wherein the two-dimensional code key is shared by the first device and the second device.
4. The password management method as claimed in claim 2, wherein returning the first ciphertext from the second device to the first device using the second communication method comprises:
the second device dynamically and randomly generating a protection password and encrypting the protection password with the session key it obtained, thereby generating the first ciphertext; and
the second device sending the first ciphertext to the first device over a local area network (LAN).
5. The password management method as claimed in claim 1, further comprising:
the first device decrypting the first ciphertext with the session key to obtain the protection password.
6. The password management method as claimed in claim 1, further comprising:
the second device encrypting the protection password with a master key to obtain a second ciphertext and storing it, wherein the master key is randomly generated by the second device in the initialization procedure.
7. The password management method as claimed in claim 6, wherein the second ciphertext corresponds to the URL of a particular website, so that the second device retrieves the second ciphertext corresponding to that website by the URL of the website to be accessed and thereby obtains the protection password.
8. A password management system, characterized in that it comprises a first device and a second device,
wherein the first device is configured to generate a session key and send the session key to the second device using a first communication method; and
wherein the second device is configured to dynamically and randomly generate a protection password, encrypt the protection password with the session key to obtain a first ciphertext, and return the first ciphertext to the first device using a second communication method.
9. The password management system as claimed in claim 8, wherein the first device is a computer plug-in and the second device is smart terminal software.
10. The password management system as claimed in claim 9, wherein the first device is configured to:
display the session key to be transmitted on the computer screen in the form of a two-dimensional code image, and
parse the image data using a two-dimensional code key, thereby obtaining the session key, wherein the two-dimensional code key is shared by the first device and the second device.
11. The password management system as claimed in claim 9, wherein the second device is configured to:
send the first ciphertext to the first device over a local area network (LAN).
12. The password management system as claimed in claim 8, wherein the first device is further configured to:
decrypt the received first ciphertext with the session key to obtain the protection password.
13. The password management system as claimed in claim 8, wherein the second device is further configured to:
encrypt the protection password with a master key to obtain a second ciphertext and store the second ciphertext, wherein the master key is randomly generated by the second device in the initialization procedure.
14. The password management method as claimed in claim 13, wherein the second ciphertext corresponds to the URL of a particular website, so that the second device retrieves the second ciphertext corresponding to that website by the URL of the website to be accessed and thereby obtains the protection password.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410048642.9A CN104836660A (en) 2014-02-12 2014-02-12 Password management method and system
PCT/CN2015/071726 WO2015120769A1 (en) 2014-02-12 2015-01-28 Password management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410048642.9A CN104836660A (en) 2014-02-12 2014-02-12 Password management method and system

Publications (1)

Publication Number Publication Date
CN104836660A true CN104836660A (en) 2015-08-12

Family

ID=53799582

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410048642.9A Pending CN104836660A (en) 2014-02-12 2014-02-12 Password management method and system

Country Status (2)

Country Link
CN (1) CN104836660A (en)
WO (1) WO2015120769A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117176339B (en) * 2023-08-31 2024-06-18 深圳手付通科技有限公司 A method and system for online updating of master key TMK of POS terminal equipment

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101067802A (en) * 2006-11-21 2007-11-07 深圳易拓科技有限公司 Safety mobile hard disc
CN101098223A (en) * 2007-07-05 2008-01-02 李江 Method and device for encrypting network user password
CN101110098A (en) * 2007-08-31 2008-01-23 深圳兆日技术有限公司 Generation and management method for digital content use trace based on reliable computing technology
CN101178802A (en) * 2006-11-08 2008-05-14 李东声 Dynamic password realization method in network bank trading and electronic signing device
CN101374149A (en) * 2008-09-19 2009-02-25 中国民生银行股份有限公司 Method and system for preventing password theft
CN101583102A (en) * 2009-06-18 2009-11-18 江苏鸿信系统集成有限公司 Method for realizing one-time pad through wireless broadband access short message mode
CN101951320A (en) * 2010-09-29 2011-01-19 北京天地融科技有限公司 Implementation method, device and system of dynamic password
CN101997678A (en) * 2010-11-18 2011-03-30 东莞宇龙通信科技有限公司 A method and terminal for obtaining a password
CN103036674A (en) * 2012-12-04 2013-04-10 同济大学 Computer permission control method based on mobile dynamic password
CN103178964A (en) * 2013-03-05 2013-06-26 中国地质大学(武汉) A key exchange method for intelligent terminal authentication based on two-dimensional code
US8489899B2 (en) * 2008-12-30 2013-07-16 Hong Fu Jin Precision Industry (Shenzhen) Co., Ltd. System and method for encrypting and decrypting data
CN103458400A (en) * 2013-09-05 2013-12-18 中国科学院数据与通信保护研究教育中心 Key management method for voice encryption communication system
CN103491090A (en) * 2013-09-23 2014-01-01 金蝶软件(中国)有限公司 Safety authentication method, device and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103327485A (en) * 2012-03-23 2013-09-25 辉达公司 Method and system for wirelessly transmitting content
CN104079404A (en) * 2014-07-07 2014-10-01 北京深思数盾科技有限公司 Sensitive data secure exchange method and system

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105406963A (en) * 2015-12-09 2016-03-16 中国联合网络通信集团有限公司 Encryption method, encryption device, decryption method and decryption device for user account
CN105406963B (en) * 2015-12-09 2019-02-15 中国联合网络通信集团有限公司 User account encryption method, encryption device, decryption method, decryption device
WO2019134236A1 (en) * 2018-01-08 2019-07-11 平安科技(深圳)有限公司 Password management method, device, terminal apparatus, and storage medium
CN113067697A (en) * 2019-12-31 2021-07-02 王建清 Remote password input method, storage medium, device and equipment
CN113067697B (en) * 2019-12-31 2022-12-09 王建清 Remote password input method, storage medium, device and equipment
CN115334100A (en) * 2022-07-22 2022-11-11 蔚来汽车科技(安徽)有限公司 Vehicle communication method and terminal, vehicle, and computer-readable storage medium
CN115334102A (en) * 2022-07-22 2022-11-11 蔚来汽车科技(安徽)有限公司 Vehicle communication method and terminal, vehicle, and computer-readable storage medium
WO2024017255A1 (en) * 2022-07-22 2024-01-25 蔚来汽车科技(安徽)有限公司 Vehicle communication method, terminal, vehicle and computer-readable storage medium
WO2024017256A1 (en) * 2022-07-22 2024-01-25 蔚来汽车科技(安徽)有限公司 Vehicle communication method and terminal, and vehicle and computer-readable storage medium
CN115334102B (en) * 2022-07-22 2025-06-17 蔚来汽车科技(安徽)有限公司 Vehicle communication method and terminal, vehicle, and computer-readable storage medium
CN115334100B (en) * 2022-07-22 2025-08-26 蔚来汽车科技(安徽)有限公司 Vehicle communication method and terminal, vehicle, and computer-readable storage medium

Also Published As

Publication number Publication date
WO2015120769A1 (en) 2015-08-20

Similar Documents

Publication Publication Date Title
EP2901616B1 (en) Method for mobile security context authentication
US9235732B2 (en) Secure communication methods
US20080148057A1 (en) Security token
TWI424726B (en) Method and system for defeating the man in the middle computer hacking technique
US20120266224A1 (en) Method and system for user authentication
CN102833244B (en) Communication method for authentication by fingerprint information
TWI544357B (en) Computer network system with one-button fast and secure login function
JP2017521934A (en) Method of mutual verification between client and server
CN104378379B (en) A kind of digital content encrypted transmission method, equipment and system
WO2008118966A1 (en) System and method for user authentication with exposed and hidden keys
JP2008269610A (en) Protecting sensitive data intended for remote application
US9686251B2 (en) Devices and techniques for controlling disclosure of sensitive information
CN104361267A (en) Software authorization and protection device and method based on asymmetric cryptographic algorithm
CN105450413A (en) Password-setting method, device, and system
CN102271035A (en) Method and device for transmitting password
CN104992119B (en) A kind of safe transmission method and system of sensitive information Anti-theft
CN104836660A (en) Password management method and system
CN113826096A (en) User authentication and signature device and method using user biometric identification data
CN105187389A (en) Webpage access method and system based on digital mixed encryption
CN103905188A (en) Method for generating dynamic password through intelligent secret key device, and intelligent secret key device
US11968202B2 (en) Secure authentication in adverse environments
CN109495458A (en) A kind of method, system and the associated component of data transmission
CN109740319B (en) Digital identity verification method and server
CN104901951B (en) Code data processing based on mobile terminal and exchange method in a kind of Web applications
CN102027728B (en) Method and system for defeating the man in the middle computer hacking technique

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20150812)