WO2015101332A1 - Password hierarchical management method and system - Google Patents
Password hierarchical management method and system
- Publication number
- WO2015101332A1 PCT/CN2014/095930 CN2014095930W
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- password
- permission
- account
- secondary password
- correspondence
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
Definitions
- The present application relates to the field of Internet and computer technologies, and in particular to a password hierarchical management method and system, and to a computer storage medium including instructions for performing the password hierarchical management method.
- In an existing service platform, an account name corresponds to a password.
- After the user logs in using a valid account name and password, the service platform provides the user with all of its service functions.
- A password leak therefore carries a very large risk, such as leaking all user information and allowing the password thief to tamper with the password arbitrarily or to use the stolen password to perform any user action.
- A password hierarchical management method includes:
- The master password and the secondary password are two password types of an account, and one master password corresponds to one or more secondary passwords.
- A password hierarchical management system comprises:
- a receiving module configured to receive a secondary password setting request of the currently logged-in account;
- an authentication module configured to verify whether the current login account was logged in using the master password;
- the receiving module being further configured to, after the verification is passed, receive the input secondary password and the permission corresponding to the secondary password;
- a correspondence storage module configured to store the correspondence between the current login account, the secondary password, and the corresponding permission.
- The master password and the secondary password are two password types of an account, and one master password corresponds to one or more secondary passwords.
- A computer readable storage medium is also provided.
- One or more computer readable storage media contain computer executable instructions for performing the password hierarchical management method described above.
- With the password hierarchical management method and system, and the executable instructions for performing the password hierarchical management method in the computer readable storage medium, after a secondary password setting request of the current login account is received, it is verified whether the current login account was logged in using the master password. After the verification is passed, the input secondary password and the permission corresponding to the secondary password are received, and the correspondence between the current login account, the secondary password, and the corresponding permission is stored.
- When an account is logged in using the master password, a secondary password of the account can be set, together with the permission corresponding to that secondary password. For example, this can prevent user information from being leaked or the account password from being tampered with when the account is logged in with the secondary password, thereby improving information security.
- FIG. 1 is a schematic flowchart of a password hierarchical management method in a specific embodiment
- FIG. 2 is a schematic flowchart of the process of providing corresponding functions according to the password in the password hierarchical management method in a specific embodiment
- FIG. 3 is a schematic diagram of the interaction in the secondary password and permission setting process of the password hierarchical management method in a specific embodiment
- FIG. 4 is a schematic diagram of the interaction in the process of providing corresponding functions according to the password in the password hierarchical management method in a specific embodiment
- FIG. 5 is a schematic structural diagram of a password hierarchical management system in a specific embodiment
- FIG. 6 is a schematic structural diagram of a password hierarchical management system in a specific embodiment
- FIG. 7 is a schematic structural diagram of a password hierarchical management system in a specific embodiment
- FIG. 8 is a schematic diagram of an exemplary computer system environment in which embodiments of the present application can be implemented.
- The components in the present application may each be present in a single form or in multiple forms, and the present application is not limited in this respect.
- The steps in the present application are labeled with reference numerals, but the numerals are not intended to limit the order of the steps. The relative order of the steps may be adjusted unless the order of the steps is explicitly stated or the execution of a step requires other steps as a basis. It will be understood that the term "and/or" as used herein relates to and encompasses any and all possible combinations of one or more of the associated listed items.
- The master password and the secondary password are in a master-slave relationship; that is, if there is no master password, there is no secondary password in the system, and one master password corresponds to one or more secondary passwords.
- The master password may be the login password of the account.
- The secondary password may be another password set manually after the account has been registered using the master password.
- The login password of the account can be the password entered when registering the account.
- The above descriptions of the master password and the secondary password are only examples.
- The types of the master password and the secondary password, and the manner of setting them, are not limited.
- The master password may also be another type of password, such as an account authentication password. As another example, the secondary password may also be a password generated by the system at the same time as the login password that serves as the master password.
- A password hierarchical management method includes:
- The secondary password setting request is a request to set a secondary password.
- The master password and the secondary password are the two password types of the account, and one master password corresponds to one or more secondary passwords.
- If the password entered when the account is logged in is the master password, the current login account is logged in using the master password.
- In S104, the user may be prompted to input the master password, and it is verified whether the entered password is a legitimate master password; if so, it is determined that the current login account is logged in using the master password. If the currently entered password is a legitimate master password, the master password could also have been entered when the account was logged in. Therefore, whether the current login account was logged in using the master password can be verified by checking whether the currently entered password is a valid master password.
- Before S104, the password hierarchical management method further includes the step of: when the account is logged in with a valid master password, marking the current login account as using the master password when logging in.
- S104 may check whether the current login account carries the mark indicating that the master password was used when logging in, and if so, determine that the current login account is logged in using the master password. In one embodiment, if the current login account is logged in without using the master password, the process may end.
- The user may be prompted to input the secondary password and to set the permission corresponding to the secondary password.
- Different permissions correspond to different functions.
- The function corresponding to each permission can be set and stored in advance.
- S108: Store the correspondence between the current login account, the secondary password, and the corresponding permission.
- The correspondence between the current login account and the secondary password may be stored, and the correspondence between the secondary password and the permission may be stored.
- The password hierarchical management method further includes a process of modifying the permission corresponding to a secondary password, the process comprising the steps of: receiving a request for modifying the permission corresponding to the secondary password; verifying whether the current login account was logged in using the master password; and, after the verification is passed, receiving the input modified permission and storing the correspondence between the secondary password and the modified permission.
- The request for modifying the permission corresponding to the secondary password includes the secondary password and the modified permission.
- The original permission corresponding to the secondary password included in the request may be queried in the correspondence table of secondary passwords and permissions and changed to the modified permission included in the request; or the record corresponding to the secondary password included in the request is deleted, and a record containing the secondary password and the modified permission is added.
- The password hierarchical management method further includes a process of modifying a secondary password, and the process includes the following steps:
- If the password used when the current login account logged in is the master password, the original secondary password to be modified and the corresponding new secondary password are received, and the correspondence between the current login account, the original secondary password, and the corresponding permission is changed to a correspondence between the current login account, the new secondary password, and the corresponding permission.
- If the password used is a secondary password, the input new secondary password is received, the correspondence between the original secondary password used in the login and the new secondary password is saved, and the process waits for the current login account to log in again with the master password.
- When the current login account logs in again with the master password, a secondary password modification approval request is sent to the login client; the approval request includes the original secondary password and the new secondary password. The approval result sent by the login client is received, and the original secondary password is modified, or the modification is abandoned, according to the approval result.
- If the approval result indicates that the modification is allowed, the correspondence between the current login account, the original secondary password, and the corresponding permission is changed to a correspondence between the current login account, the new secondary password, and the corresponding permission, and the saved correspondence between the original secondary password used in the login and the new secondary password is deleted; if the approval result indicates that the modification is not allowed, the saved correspondence between the original secondary password used in the login and the new secondary password is deleted.
- The secondary password can be modified as required, for example changed to a sequence that is easier to remember, while the permissions corresponding to the original secondary password are retained, which provides operational convenience.
- The foregoing password hierarchical management method further includes the steps of:
- S202: Receive a login request, where the login request includes an account and a password.
- The correspondence between the account and the master password and the correspondence between the account and the secondary password are stored in two different data tables. S204 can search the data table of the correspondence between the account and the master password for the password corresponding to the account included in the login request. If the search succeeds, the found password is matched against the password included in the login request: if they match, it is determined that the password included in the login request is legal and the password type is master password; if they do not match, it is determined that the password included in the login request is not a valid password. If the search fails, the password corresponding to the account included in the login request is searched for in the data table storing the correspondence between the account and the secondary password.
- If that search succeeds, the found password is matched against the password included in the login request; if they match, the password included in the login request is legal and the password type is secondary password. If the search fails, the password included in the login request is not a valid password.
- The correspondence between the account and the password can be stored in a data table, and a field marking the password type is added to the data table.
- The field marking the password type may be of Boolean type, used to indicate whether the password is a master password (or whether it is a secondary password); if the field is yes, the password is a master password (or a secondary password).
- The field marking the password type may also be of string type, used to represent the permission parameter of the password; the permission parameter may be understood as the name of the password. When the master password and the secondary password are stored, they may be set so that the prefix characters of their permission parameters are different. The permission parameter corresponding to the master password starts with “main”, and the permission parameter corresponding to the secondary password starts with “sub”; or, since there is only one master password, the permission parameter may be left unset when the master password is stored and set when the secondary password is stored.
- The foregoing S204 may search the data table that stores the correspondence between the account and the password for the account included in the login request, obtain the corresponding password, and match the obtained password against the password included in the login request. If they do not match, it is determined that the password included in the login request is not a valid password; if they match, it is determined, according to the field marking master and secondary passwords, whether the password included in the login request is a master password or a secondary password.
- Obtaining the corresponding permission according to the type of the password includes the following steps: if the password included in the login request is a secondary password, querying the permission corresponding to the password included in the login request; if the password included in the login request is the master password, obtaining the default permission corresponding to the master password.
- By default, the master password corresponds to all permissions, as there is no need to restrict permissions for the master password.
- A password input error may be prompted.
- The password hierarchical management method further includes the step of generating a permission parameter corresponding to the secondary password. S108 then comprises: storing the correspondence between the current login account, the secondary password, and the corresponding permission parameter, and storing the correspondence between the permission parameter and the corresponding permission.
- The permission parameter is a symbolic name or a numeric serial number for identifying the secondary password.
- The permission parameter of the secondary password can be understood as the name of the secondary password, and the permission parameters corresponding to different secondary passwords are different.
- The correspondence between the current login account, the secondary password, and the corresponding permission parameter, and the correspondence between the permission parameter and the permission, may be stored in two different data tables.
- The step of querying the permission corresponding to the password included in the login request includes: obtaining the permission parameter corresponding to the password included in the login request, and querying the permission corresponding to the permission parameter.
- The step of storing the correspondence between the secondary password and the modified permission is: obtaining the permission parameter corresponding to the secondary password, and storing the correspondence between the obtained permission parameter and the modified permission.
- The original permission corresponding to the obtained permission parameter may be queried in the correspondence table of permission parameters and permissions and changed to the modified permission included in the request; or the record corresponding to the obtained permission parameter is deleted, and a record containing the obtained permission parameter and the modified permission is added.
- The step of changing the correspondence between the current login account, the original secondary password, and the corresponding permission to the correspondence between the current login account, the new secondary password, and the corresponding permission is performed as follows: the correspondence between the current login account, the original secondary password, and the corresponding permission parameter is changed to the correspondence between the current login account, the new secondary password, and the corresponding permission parameter.
- The password involves the security of the user information and needs a higher storage security level.
- The password and the permission are stored and managed separately, and the secondary password and the permission are linked through the intermediate permission parameter, so that high-security storage management can be applied to the password alone. This not only ensures the security of user passwords but also reduces storage management costs.
- Through the setting of the secondary password and the permission, the user can restrict the use of all service functions by other users who log in to the service platform. That is, other users who log in to the service platform by virtue of the account name and the secondary password can only use certain service functions of the service platform, rather than all service functions.
- A password hierarchical management method runs on a client, an application server, a password storage server, and a permission storage server.
- The password hierarchical management method includes a secondary password and permission setting process. FIG. 3 is the interaction diagram of the secondary password and permission setting process of the password hierarchical management method. The secondary password and permission setting process includes the following steps:
- The application server receives a secondary password setting request of the current login account sent by the client.
- The application server sends an instruction to the client to input the master password.
- The client prompts for the master password and sends the entered master password to the application server.
- The application server sends the current login account and the entered master password to the password storage server.
- The password storage server verifies whether the input master password is the legitimate master password of the current login account according to the pre-stored correspondence between the account and the master password. If yes, the verification succeeds; if not, the verification fails. The verification result is sent to the application server.
- The client is sent an instruction to input the secondary password and the permission corresponding to the secondary password.
- The client can prompt for the secondary password and prompt for the permission corresponding to the secondary password.
- The application server then receives the input secondary password and the permission corresponding to the secondary password from the client.
- The application server generates a permission parameter corresponding to the secondary password, sends the current login account, the secondary password, and the corresponding permission parameter to the password storage server, and sends the permission parameter and the corresponding permission to the permission storage server.
- The password storage server stores the correspondence between the current login account, the secondary password, and the corresponding permission parameter, and returns the result of whether the storage succeeded to the application server; the permission storage server stores the correspondence between the permission parameter and the corresponding permission, and returns the result of whether the storage succeeded to the application server.
- The password involves the security of the user information and needs a higher storage security level.
- The password and the permission are stored in the password storage server and the permission storage server respectively, and the secondary password and the permission are linked through the intermediate permission parameter. This makes it convenient to apply high-security storage management to the password alone, so that the security of the user password is ensured and the storage management cost is reduced.
- The password hierarchical management method further includes a process of providing the corresponding service according to the password.
- FIG. 4 is an interaction diagram of the process of providing the corresponding service according to the password in the password hierarchical management method. The process includes the following steps:
- The application server receives a login request sent by the client, and the login request includes an account and a password. The application server then sends the account and password included in the login request to the password storage server.
- The password storage server queries the master password corresponding to the account included in the login request and checks whether the password included in the login request matches the master password. If so, it returns to the application server the verification result that the password included in the login request matches the master password. If not, it queries the secondary password corresponding to the account included in the login request and checks whether the password included in the login request matches the secondary password. If the password included in the login request matches the secondary password, the corresponding permission parameter is obtained and sent to the permission storage server; the permission storage server queries the permission corresponding to the permission parameter and returns the queried permission to the application server. If the password included in the login request does not match the secondary password, the password storage server returns to the application server the verification result that the password included in the login request is not a valid password.
- If the application server receives from the password storage server the verification result that the password included in the login request matches the master password, it provides the client with the services corresponding to all permissions. If the application server receives the queried permission returned by the permission storage server, it provides the corresponding function to the client according to the permission. If the application server receives from the password storage server the verification result that the password included in the login request is not a valid password, it sends a password error message to the client; the client may prompt a password input error.
- A password hierarchical management system includes a receiving module 502, an identity verification module 504, and a correspondence storage module 506, where:
- The receiving module 502 is configured to receive a secondary password setting request of the currently logged-in account.
- The password entered when registering an account can be referred to as the master password of the account.
- Another password set after logging in using the account can be referred to as a secondary password of the account.
- The secondary password setting request is a request to set a secondary password.
- The identity verification module 504 is configured to verify whether the current login account was logged in using the master password; the master password and the secondary password are two password types of the account, and one master password corresponds to one or more secondary passwords.
- If the password entered when the account is logged in is the master password, the current login account is logged in using the master password.
- The password hierarchical management system further includes a prompting module (not shown) for prompting to input the master password; the identity verification module 504 can verify whether the entered password is a legitimate master password and, if so, determine that the verification is passed. If the currently entered password is a legitimate master password, the master password could also have been entered when the account was logged in. Therefore, whether the current login account was logged in using the master password can be verified by checking whether the currently entered password is a valid master password.
- The password hierarchical management system further includes a marking module, configured to mark the current login account as using the master password when the account is logged in with a valid master password.
- The identity verification module 504 can check whether the current login account carries the mark indicating that the master password was used when logging in.
- The receiving module 502 is further configured to, after the verification is passed, receive the input secondary password and the permission corresponding to the secondary password. If it is verified that the current login account is logged in using the master password, the verification is passed.
- The prompting module may prompt to input a secondary password and prompt to set the permission corresponding to the secondary password. Different permissions correspond to different functions.
- The password hierarchical management system further includes a function setting module, configured to preset and save the function corresponding to each permission.
- The correspondence storage module 506 stores the correspondence between the current login account, the secondary password, and the corresponding permission.
- The correspondence storage module 506 can store the correspondence between the current login account and the secondary password, and store the correspondence between the secondary password and the permission.
- The receiving module 502 is further configured to receive a request for modifying the permission corresponding to the secondary password; the identity verification module 504 is further configured to verify whether the current login account was logged in using the master password; the receiving module 502 is further configured to receive the input modified permission after the verification is passed; and the correspondence storage module 506 is further configured to store the correspondence between the secondary password and the modified permission.
- The request for modifying the permission corresponding to the secondary password includes the secondary password and the modified permission.
- The correspondence storage module 506 can query the original permission corresponding to the secondary password included in the request in the correspondence table of secondary passwords and permissions, and change the original permission to the modified permission included in the request; or the correspondence storage module 506 can delete the record corresponding to the secondary password included in the request and add a record containing the secondary password and the modified permission.
- the receiving module 502 is further configured to receive a request for modifying a secondary password;
- the identity verification module 504 is further configured to verify a type of a password used when the current login account is logged in;
- the receiving module 502 is further configured to: if the type of the used password is a primary password, receive the input original secondary password to be modified and the corresponding new secondary password, and the corresponding relationship storage module 506 is further configured to use the current login account and the original secondary password. And the corresponding relationship between the corresponding rights is modified to be a correspondence between the current login account, the new secondary password, and the corresponding permission;
- the receiving module 502 is further configured to: if the type of the used password is a secondary password, receive the input new secondary password, and the corresponding relationship storage module 506 is further configured to save the correspondence between the original secondary password and the new secondary password used in the login;
- the password classification management apparatus further includes a monitoring module and a sending module (not shown), the monitoring module waits for the current login account to re-log in with the master password; and the sending module is configured to log in again with the master password when the current login account is re-registered.
- the receiving module 502 is further configured to receive the approval result sent by the login client;
- the correspondence storage module 506 is further configured to, according to the approval result, either modify the original secondary password or abandon the modification of the original secondary password. If the approval result indicates that the modification is allowed, the correspondence storage module 506 modifies the correspondence between the current login account, the original secondary password, and the corresponding permission into the correspondence between the current login account, the new secondary password, and the corresponding permission, and deletes the saved correspondence between the original secondary password used in the login and the new secondary password; if the approval result indicates that the modification is not allowed, the correspondence storage module 506 deletes the saved correspondence between the original secondary password used in the login and the new secondary password.
- the secondary password can be modified as required, for example changed to a sequence that is easier to remember, while the permissions corresponding to the original secondary password are retained, thereby providing operational convenience.
- the receiving module 502 is further configured to receive a login request, where the login request includes an account number and a password.
- the authentication module 504 is also used to verify the legitimacy and type of the password included in the login request.
- the correspondence storage module 506 can store the correspondence between the account and the master password and the correspondence between the account and the secondary password in two different data tables.
- the identity verification module 504 can search the data table storing the account and the master password for the password corresponding to the account included in the login request. If the search is successful, the found password is matched with the password included in the login request: if they match, the password included in the login request is determined to be legal and the password type is the primary password; if they do not match, it is determined that the password included in the login request is not a valid password.
- if the search fails, the password corresponding to the account included in the login request is searched for in the data table storing the account and the secondary password, and the found password is matched with the password included in the login request. If they match, it is determined that the password included in the login request is legal and the password type is a secondary password. If this fails, it is determined that the password included in the login request is not a valid password.
- the correspondence storage module 506 can store the correspondence between the account and the password (including the primary password and the secondary password) into a data table, and add a field marking the password type to the data table;
- the password type field can be a Boolean type, which is used to indicate whether it is a master password (or to indicate whether it is a secondary password); if the field is yes, it is a master password (or a secondary password).
- the field marking the password type may also be a string type, which is used to represent the permission parameter of the password, and the permission parameter may be understood as the name of the password; when the primary password and the secondary password are stored, the prefix characters of their permission parameters may be set to be different.
- for example, the permission parameter corresponding to the primary password starts with “main”, and the permission parameter corresponding to the secondary password starts with “sub”; or, since there is only one primary password, the permission parameter may be left unset when the primary password is stored and set only when the secondary password is stored.
- the identity verification module 504 can search for the account included in the login request in the data table that stores the correspondence between the account and the password, obtain the corresponding password, and match the obtained password with the password included in the login request. If they do not match, it is determined that the password included in the login request is not a valid password; if they match, it is determined, according to the field marking the primary password and the secondary password, whether the password included in the login request is a primary password or a secondary password.
- the password grading management system further includes a function providing module 602, configured to: if the password included in the login request is legal, obtain the corresponding permission according to the type of the password, and provide the corresponding function according to that permission.
- the process of the function providing module 602 obtaining the corresponding permission according to the type of the password includes: if the password included in the login request is a secondary password, querying the permission corresponding to the password included in the login request; if the password included in the login request is the primary password, Get the permissions corresponding to the default master password.
- the default master password corresponds to all permissions, as there is no need to restrict permissions for the master password.
- the prompting module may prompt the password input error.
- the password classification management system further includes a permission parameter generation module 702, configured to generate a permission parameter corresponding to the secondary password after receiving the input secondary password and the permission corresponding to the secondary password;
- the correspondence storage module 506 is configured to store a correspondence between the current login account, the secondary password, and the corresponding permission parameter, and to store a correspondence between the permission parameter and the corresponding permission.
- the permission parameter is a symbol name or a numeric serial number for identifying the secondary password.
- the permission parameter of the secondary password can be understood as the name of the secondary password, and the permission parameters corresponding to the different secondary passwords are different.
- the correspondence relationship storage module 506 can store the correspondence between the current login account, the secondary password and the corresponding permission parameter, and the correspondence between the permission parameter and the authority in two different data tables.
- the process of querying the privilege corresponding to the password included in the login request by the function providing module 602 includes: obtaining a privilege parameter corresponding to the password included in the login request, and querying the privilege corresponding to the privilege parameter.
- the process of the corresponding relationship storage module 506 storing the correspondence between the secondary password and the modified authority includes: obtaining the permission parameter corresponding to the secondary password, and storing the correspondence between the obtained permission parameter and the modified authority.
- the correspondence relationship storage module 506 can query the original authority corresponding to the obtained permission parameter in the correspondence table between the permission parameter and the authority, and modify the original authority to the modified authority included in the request; or delete the record corresponding to the obtained permission parameter. And add a record that contains the obtained permission parameters with the modified permissions.
- the process in which the correspondence storage module 506 modifies the correspondence between the current login account, the original secondary password, and the corresponding permission into the correspondence between the current login account, the new secondary password, and the corresponding permission includes: changing the correspondence between the current login account, the original secondary password, and the corresponding permission parameter into the correspondence between the current login account, the new secondary password, and the corresponding permission parameter.
- the password involves the security of the user information, so the password needs a higher storage security level.
- the password and the permission are stored and managed separately, and the secondary password and the permission are linked through the intermediate permission parameter, so that secure storage management is applied to the password alone, which can not only ensure the security of user passwords but also reduce storage management costs.
- the password classification management method and system, after receiving the secondary password setting request of the current login account, verify whether the password used when the current login account logged in is the master password and, after the verification passes, receive the input secondary password and the permission corresponding to the secondary password, and store the correspondence between the current login account, the secondary password, and the corresponding permission.
- when an account is logged in using the master password, the secondary password of the account and the permission corresponding to the secondary password can be set, thereby preventing leakage of the user information or tampering with the account password when the account is used with the secondary password.
- the above method and system can improve information security when multiple users share the same account.
- FIG. 8 is a block diagram of a computer system 1000 in which embodiments of the present application can be implemented.
- the computer system 1000 is merely an example of a computer environment suitable for use in the present application and is not to be considered as limiting the scope of use of the application.
- Computer system 1000 is also not to be construed as depending on or requiring one or a combination of the components of the illustrated exemplary computer system 1000.
- Computer system 1000 shown in Figure 8 is an example of a computer system suitable for use in the present application.
- Other architectures with different subsystem configurations can also be used.
- desktops, notebooks, and the like that are well known to the public can be applied to some embodiments of the present application. However, it is not limited to the devices listed above.
- computer system 1000 includes a processor 1010, a memory 1020, and a system bus 1022.
- processor 1010 is hardware for executing computer program instructions through basic arithmetic and logic operations in a computer system.
- Memory 1020 is a physical device for temporarily or permanently storing computing programs or data (e.g., program state information).
- System bus 1022 can be any of the following types of bus structures, including a memory bus or memory controller, a peripheral bus, and a local bus.
- the processor 1010 and the memory 1020 can communicate via the system bus 1022.
- the memory 1020 includes a read only memory (ROM) or a flash memory (neither shown), and a random access memory (RAM), which generally refers to a main memory loaded with an operating system and an application.
- Computer system 1000 also includes a display interface 1030 (eg, a graphics processing unit), a display device 1040 (eg, a liquid crystal display), an audio interface 1050 (eg, a sound card), and an audio device 1060 (eg, a speaker).
- Display device 1040 and audio device 1060 are media devices for experiencing multimedia content.
- Computer system 1000 generally includes a storage device 1070.
- Storage device 1070 can be selected from a variety of computer readable storage media, which are any available media that can be accessed by computer system 1000, including both mobile and fixed media.
- a computer readable storage medium includes, but is not limited to, a flash memory (micro SD card), a CD-ROM, a digital versatile disc (DVD) or other optical disc storage, a magnetic tape cartridge, a magnetic tape, a magnetic disk storage or other magnetic storage device, or any other medium that can be used to store the required information and be accessible by computer system 1000.
- Computer system 1000 also includes an input device 1080 and an input interface 1090 (eg, an IO controller).
- input device 1080 may be, for example, a keyboard, a mouse, or a touch panel device on display device 1040.
- Input device 1080 is typically coupled to system bus 1022 via input interface 1090, but may be coupled via other interfaces or bus structures, such as a universal serial bus (USB).
- Computer system 1000 can be logically coupled to one or more network devices in a network environment.
- the network device can be a personal computer, server, router, smart phone, tablet or other public network node.
- the computer system 1000 is connected to the network device via a local area network (LAN) interface 1100 or a mobile communication unit 1110.
- a local area network (LAN) is a network of computers that are interconnected in a limited area, such as a home, school, computer lab, or office building that uses network media.
- WiFi and twisted pair cabling Ethernet are the two most commonly used technologies for building LANs.
- WiFi is a technology that enables computer systems 1000 to exchange data or connect to a wireless network via radio waves.
- the mobile communication unit 1110 can answer and make calls over a radio communication line while moving within a wide geographical area. In addition to the call, the mobile communication unit 1110 also supports Internet access in a 2G, 3G or 4G cellular communication system providing mobile data services.
- computer system 1000 can include a Bluetooth unit that can exchange data over short distances, an image sensor for photography, and an accelerometer for measuring acceleration.
- computer system 1000 suitable for use in the present application is capable of performing the operations specified by the password hierarchy management method.
- Computer system 1000 performs these operations in the form of software instructions that processor 1010 runs in a computer readable storage medium.
- These software instructions can be read into memory 1020 from storage device 1070 or from another device via local area network interface 1100.
- the software instructions stored in the memory 1020 cause the processor 1010 to perform the password hierarchy management method described above.
- the present application can also be implemented by a hardware circuit or a hardware circuit in combination with a software instruction. Thus, implementation of the application is not limited to any specific combination of hardware circuitry and software.
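
The password scheme described above (login that determines the password type, secondary passwords tied to permissions through a permission parameter, and a secondary-password change that waits for approval under a master-password login), sketched as an added example that is not code from the patent. The class and method names, the salted PBKDF2 records, and falling through to the secondary table whenever the master password does not match are assumptions of this example.

```python
import hashlib
import hmac
import os
import secrets

def _hash(password, salt=None):
    # Salted PBKDF2 record instead of a stored password; iteration count is an example value.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _matches(password, record):
    salt, digest = record
    return hmac.compare_digest(_hash(password, salt)[1], digest)

class PasswordStore:
    def __init__(self):
        self.master = {}       # account -> password record
        self.secondary = {}    # account -> {permission parameter: password record}
        self.permissions = {}  # permission parameter -> permissions (holds no passwords)
        self.pending = {}      # (account, parameter) -> new record awaiting approval

    def register(self, account, master_password):
        self.master[account] = _hash(master_password)
        self.secondary[account] = {}

    def _find(self, account, password):
        # Permission parameter of the matching secondary password, else None.
        for param, record in self.secondary[account].items():
            if _matches(password, record):
                return param
        return None

    def login(self, account, password):
        # Returns a session naming the password type, or None if the password is not valid.
        if account not in self.master:
            return None
        if _matches(password, self.master[account]):
            return {"account": account, "type": "main", "param": None}
        param = self._find(account, password)
        return {"account": account, "type": "sub", "param": param} if param else None

    def allowed(self, session, permission):
        if session["type"] == "main":
            return True  # the master password corresponds to all permissions
        return permission in self.permissions.get(session["param"], frozenset())

    def _require_master(self, session):
        if session["type"] != "main":
            raise PermissionError("requires a login with the master password")

    def set_secondary(self, session, password, perms):
        self._require_master(session)
        account = session["account"]
        if self.login(account, password):
            raise ValueError("password already in use on this account")
        param = "sub-" + secrets.token_hex(4)  # "sub" prefix marks a secondary password
        self.secondary[account][param] = _hash(password)
        self.permissions[param] = frozenset(perms)
        return param

    def change_secondary(self, session, new_password, original=None):
        account = session["account"]
        if self.login(account, new_password):
            raise ValueError("password already in use on this account")
        if session["type"] == "main":
            param = self._find(account, original) if original else None
            if param is None:
                raise KeyError("no such secondary password")
            self.secondary[account][param] = _hash(new_password)  # permissions are kept
            return "changed"
        self.pending[(account, session["param"])] = _hash(new_password)
        return "pending"

    def approve(self, session, param, allow):
        self._require_master(session)
        new_record = self.pending.pop((session["account"], param))
        if allow:
            self.secondary[session["account"]][param] = new_record
```

Until `approve` is called under a master-password session, the original secondary password stays valid and the requested one does not log in.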
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a password classification management method comprising: receiving a secondary password setting request of a current login account; verifying whether the password used when the current login account logged in is a primary password; and, after the verification passes, receiving an input secondary password and a permission corresponding to the secondary password, and storing the correspondence between the current login account, the secondary password and the corresponding permission, the primary password and the secondary password being two types of password of the account, and one primary password corresponding to one or more secondary passwords. In the method, when an account is logged in with a primary password, a secondary password of the account and a permission corresponding to the secondary password can be set. This makes it possible to prevent disclosure of user information or tampering with the account password when the account is logged in with the secondary password. The method and system can improve information security when multiple users share the same account. The invention also relates to a password classification management system.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310754703.9 | 2013-12-31 | | |
| CN201310754703.9A CN104753677B (zh) | 2013-12-31 | 2013-12-31 | 密码分级控制方法和系统 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2015101332A1 (fr) | 2015-07-09 |
Family
ID=53493271
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
| Application Number | Priority Date | Filing Date | Title |
| PCT/CN2014/095930 Ceased WO2015101332A1 (fr) | 2013-12-31 | 2014-12-31 | Procédé et système de gestion de classification de mots de passe |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN104753677B (fr) |
| WO (1) | WO2015101332A1 (fr) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110222483A (zh) * | 2019-04-18 | 2019-09-10 | 深圳壹账通智能科技有限公司 | 数据处理方法、数据处理装置、终端及存储介质 |
| CN112651002A (zh) * | 2020-12-31 | 2021-04-13 | 大为国际工程咨询有限公司 | 一种工程造价清单智能组价方法、系统以及存储介质 |
| CN113225306A (zh) * | 2021-02-22 | 2021-08-06 | 北京神州慧安科技有限公司 | 一种针对工业物联网数据采集层终端设备的安全防护体系 |
| CN114172716A (zh) * | 2021-12-02 | 2022-03-11 | 北京金山云网络技术有限公司 | 登录方法、装置、电子设备及存储介质 |
| CN118611936A (zh) * | 2024-06-07 | 2024-09-06 | 北京火山引擎科技有限公司 | 登录控制方法、应用客户端、设备、介质和程序产品 |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105373745A (zh) * | 2015-11-12 | 2016-03-02 | 深圳市华德安科技有限公司 | 执法记录仪数据访问控制方法、装置及执法记录仪 |
| CN109361936A (zh) * | 2018-09-07 | 2019-02-19 | 深圳技威时代科技有限公司 | 安全分享智能设备的系统和方法 |
| CN112012656A (zh) * | 2019-05-31 | 2020-12-01 | 安百拓(南京)建筑矿山设备有限公司 | 凿岩台车的管理装置及管理方法 |
| CN110474910A (zh) * | 2019-08-19 | 2019-11-19 | 甘肃万华金慧科技股份有限公司 | 一种权限管理方法 |
| CN110519056B (zh) * | 2019-10-11 | 2023-02-07 | 广东虹勤通讯技术有限公司 | 一种登录方法、密码生成方法、及其相关装置 |
| CN111159771A (zh) * | 2019-12-30 | 2020-05-15 | 论客科技(广州)有限公司 | 一种应用程序的显示方法、服务器及终端 |
| CN112039851B (zh) * | 2020-08-07 | 2021-09-21 | 郑州阿帕斯数云信息科技有限公司 | 服务器登录方法、系统及装置 |
| CN114499992B (zh) * | 2021-12-30 | 2025-01-21 | 上海芯希信息技术有限公司 | 登录方法、系统、用户设备及存储介质 |
| CN115442120A (zh) * | 2022-08-31 | 2022-12-06 | 中国银行股份有限公司 | 密码验证方法及装置 |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1881228A (zh) * | 2005-06-14 | 2006-12-20 | 华为技术有限公司 | 一种控制系统帐号权限的方法 |
| CN101183468A (zh) * | 2006-11-13 | 2008-05-21 | 杨文烈 | 终端登录系统及方法 |
| CN102271332A (zh) * | 2011-07-18 | 2011-12-07 | 中兴通讯股份有限公司 | 终端信息保密方法及装置 |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103400067B (zh) * | 2013-03-29 | 2016-08-10 | 青岛海信电器股份有限公司 | 权限管理方法、系统及服务器 |
-
2013
- 2013-12-31 CN CN201310754703.9A patent/CN104753677B/zh active Active
-
2014
- 2014-12-31 WO PCT/CN2014/095930 patent/WO2015101332A1/fr not_active Ceased
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110222483A (zh) * | 2019-04-18 | 2019-09-10 | 深圳壹账通智能科技有限公司 | 数据处理方法、数据处理装置、终端及存储介质 |
| CN112651002A (zh) * | 2020-12-31 | 2021-04-13 | 大为国际工程咨询有限公司 | 一种工程造价清单智能组价方法、系统以及存储介质 |
| CN112651002B (zh) * | 2020-12-31 | 2023-04-18 | 大为国际工程咨询有限公司 | 一种工程造价清单智能组价方法、系统以及存储介质 |
| CN113225306A (zh) * | 2021-02-22 | 2021-08-06 | 北京神州慧安科技有限公司 | 一种针对工业物联网数据采集层终端设备的安全防护体系 |
| CN114172716A (zh) * | 2021-12-02 | 2022-03-11 | 北京金山云网络技术有限公司 | 登录方法、装置、电子设备及存储介质 |
| CN118611936A (zh) * | 2024-06-07 | 2024-09-06 | 北京火山引擎科技有限公司 | 登录控制方法、应用客户端、设备、介质和程序产品 |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104753677B (zh) | 2019-02-01 |
| CN104753677A (zh) | 2015-07-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2015101332A1 (fr) | Procédé et système de gestion de classification de mots de passe | |
| WO2019127973A1 (fr) | Procédé, système et dispositif d'authentification d'autorité pour référentiel de miroirs et support de stockage | |
| CN107342992B (zh) | 一种系统权限管理方法、装置及计算机可读存储介质 | |
| CN110414268B (zh) | 访问控制方法、装置、设备及存储介质 | |
| WO2016169410A1 (fr) | Procédé et dispositif d'ouverture de session, serveur et système d'ouverture de session | |
| WO2021006616A1 (fr) | Procédé pour fournir un service d'identifiant décentralisé relationnel et nœud de chaîne de blocs l'utilisant | |
| CN103095720B (zh) | 一种基于会话管理服务器的云存储系统的安全管理方法 | |
| WO2019024126A1 (fr) | Procédé de gestion d'informations de connaissance basé sur une chaîne de blocs, et terminal et serveur | |
| CN105516059B (zh) | 一种资源访问控制方法和装置 | |
| CN111475841A (zh) | 一种访问控制的方法、相关装置、设备、系统及存储介质 | |
| WO2013191325A1 (fr) | Procédé pour authentifier un identifiant d'ouverture par plate-forme de confiance, et appareil et système associés | |
| CN109634619A (zh) | 可信执行环境实现方法及装置、终端设备、可读存储介质 | |
| WO2017190561A1 (fr) | Procédé permettant de réaliser une entrée de mot de passe au moyen d'un clavier virtuel, terminal, serveur, système et support d'informations | |
| WO2014185594A1 (fr) | Système et procédé à authentification unique dans un environnement vdi | |
| WO2020246706A1 (fr) | Dispositif de gestion d'informations de document à base de chaîne de blocs pour garantir la fiabilité d'un document et son procédé de fonctionnement | |
| WO2015069018A1 (fr) | Système d'ouverture de session sécurisée et procédé et appareil pour celui-ci | |
| WO2012099330A2 (fr) | Système et procédé de délivrance d'une clé d'authentification pour authentifier un utilisateur dans un environnement cpns | |
| CN104091102B (zh) | 一种基于安卓系统的多用户管理方法及其装置 | |
| WO2014003516A1 (fr) | Procédé et appareil de fourniture de partage de données | |
| WO2020042471A1 (fr) | Procédé, système, et dispositif de vérification de politique de pare-feu, et support de stockage lisible par machine | |
| WO2020253120A1 (fr) | Procédé, système et dispositif d'enregistrement de page web, et support de stockage informatique | |
| WO2020246705A1 (fr) | Appareil de gestion d'informations de documents permettant la gestion d'informations de documents sur la base d'une chaîne de blocs et son procédé de fonctionnement | |
| WO2020062644A1 (fr) | Procédé, appareil et dispositif de détection du bogue de détournement json et support d'enregistrement | |
| CN108289129A (zh) | 区块链生态环境创建方法、系统及计算机可读存储介质 | |
| CN114244565B (zh) | 密钥分发方法、装置、设备及存储介质 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14876573 Country of ref document: EP Kind code of ref document: A1 |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 14876573 Country of ref document: EP Kind code of ref document: A1 |