CN104281794A - Password storing and verifying method and password storing and verifying device - Google Patents
Password storing and verifying method and password storing and verifying device Download PDFInfo
- Publication number
- CN104281794A CN104281794A CN201410491961.7A CN201410491961A CN104281794A CN 104281794 A CN104281794 A CN 104281794A CN 201410491961 A CN201410491961 A CN 201410491961A CN 104281794 A CN104281794 A CN 104281794A
- Authority
- CN
- China
- Prior art keywords
- character
- eigenwert
- data
- user
- password
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
- 
        - G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
 
- 
        - G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
 
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
An embodiment of the invention provides a password storing and verifying method and a password storing and verifying device. The method comprises the following steps of acquiring identity authentication information of a user; adding preset parameters in the identity authentication information to obtain a character string; performing Hash operation by using the character string to obtain a characteristic value; and extracting data at an appointed position as enciphered data from the characteristic value. By the password storing and verifying method and the password storing and verifying device, the complexity of passwords of a user can be improved, the defense capability of the passwords of the user can also be improved, Hash collision is avoided or reduced, so that the crack probability of the passwords is reduced, and the passwords of the user are prevented from leaking.
    Description
Technical field
      The present invention relates to field of information security technology, particularly relate to a kind of password storage means, a kind of method of password authentication, a kind of password storage device and a kind of password authentication device.
    Background technology
      Along with the development of informatization, it is still important problem that information security becomes gradually.Information security system under network environment is the key ensured information security.
      In Computer Service, the most common mode that to be also the most basic user's sign-on access control method be " usemame/password ", that is: user is when needs use a certain service, first a user name will be registered, and setting a corresponding with it password, the usemame/password of this user is stored in " User Information Database " by service provider.Whether, when user logs in, username and password is submitted to server and is carried out authentication by user, and server is compared by the username and password in calling and obtaining user information database, determine to login successfully, and then provides service.The mode of this direct stored in clear user and password is absolutely unsafe:
      First, User Information Database is easily attacked, and when assailant intrudes into User Information Database, all passwords will all be divulged a secret, and consequence will be catastrophic;
      Secondly, the development management person of service can contact the password of all users, and they can use any account to log in without subscriber authorisation, or are consciously or unconsciously leaked out by password.
      In order to solve the problem, most service provider can adopt the mode of encryption to store user name password, the most frequently used mode is: pass through hash function, convert the password of user to cryptographic hash, database of restoring, when user logs in, input usemame/password, service provider compares the cryptographic hash of username and password, if coupling, allows user log in and provide service.This mode avoids stored in clear password, has ensured user cipher safety to a certain extent, but still there is following problem:
      Although hash function is one " one-way function ", assailant is difficult to release initial value by cryptographic hash is counter, and assailant can pass through a structure password-cryptographic hash relation table, looks into user cipher by this table is counter.Due to the numeral that user cipher is all 6 to 8 usually, exhaustive all 6 bit digital combinations, data volume is 1,000,000 ranks namely, and exhaustive 6 is alphanumeric, and data volume is 1,000,000,000 ranks only.This is not difficult matter concerning assailant.Therefore, direct Hash user cipher, for simple password, defence capability is not very strong.
      Secondly, hash algorithm conventional at present, all there is collision problem in such as MD5, SHA-1 etc., that is: different passwords has identical cryptographic hash.Like this, even if user adopts more complicated password, if a cryptographic hash recorded in password-cryptographic hash relation table of having of its cryptographic hash and assailant collides, its password is cracked equally.Unfortunately, assailant often grasps the cryptographic hash easily collided in a large number.
      Therefore, the technical matters needing those skilled in the art urgently to solve at present is exactly: provide the method and apparatus that a kind of password stores and verifies, in order to strengthen the complexity of user cipher, thus strengthen the defence capability of user cipher, simultaneously, avoid or reduce Hash collision, thus the probability that reduction password is cracked, guarantee that user cipher is not leaked.
    Summary of the invention
      Embodiment of the present invention technical matters to be solved is to provide a kind of method providing password to store and verify, in order to strengthen the complexity of user cipher, thus strengthen the defence capability of user cipher, simultaneously, avoid or reduce Hash collision, thus the probability that reduction password is cracked, guarantee that user cipher is not leaked.
      Accordingly, the embodiment of the present invention additionally provides the device that a kind of password stores and verifies, in order to ensure the implementation and application of said method.
      In order to solve the problem, the invention discloses a kind of method that password stores, comprising:
      Obtain the authentication information of user;
      In described authentication information, add parameter preset form character string;
      Adopt described character string to carry out Hash operation, obtain eigenwert;
      The data of assigned address are extracted as enciphered data from described eigenwert.
      Preferably, the described data extracting assigned address from described eigenwert comprise as the step of enciphered data:
      Remove at least one of fisrt feature character and second feature character in described eigenwert; Described fisrt feature character comprises in described eigenwert the preceding one or more character that sorts, and described second feature character comprises in described eigenwert the posterior one or more character that sorts;
      Remove the eigenwert after at least one of fisrt feature character and second feature character described in employing and generate enciphered data.
      Preferably, described user's ID authentication information comprises User Identity, and, password, described User Identity comprises user identity proves UID, and/or, user name.
      According to embodiments of the invention, also disclose a kind of method of password authentification, comprising:
      Obtain the authentication information of user;
      In described authentication information, add parameter preset form character string;
      Adopt described character string to carry out Hash operation, obtain eigenwert;
      The data of assigned address are extracted as comparison data from described eigenwert;
      Described comparison data is adopted to contrast with the enciphered data preset;
      If coupling, judges being verified of described password; Otherwise, judge that the checking of described password is not passed through.
      Preferably, the described data extracting assigned address from described eigenwert comprise as the step of comparison data:
      Remove at least one of fisrt feature character and second feature character in described eigenwert; Described fisrt feature character comprises in described eigenwert the preceding one or more character that sorts, and described second feature character comprises in described eigenwert the posterior one or more character that sorts;
      Remove the eigenwert after at least one of fisrt feature character and second feature character described in employing and generate comparison data.
      Preferably, described user's ID authentication information comprises User Identity, and, password, described User Identity comprises user identity proves UID, and/or, user name.
      According to embodiments of the invention, also disclose the device that a kind of password stores, comprising:
      First authentication information acquisition module, for obtaining the authentication information of user;
      First character string forms module, forms character string for adding parameter preset in described authentication information;
      The First Eigenvalue obtains module, for adopting described character string to carry out Hash operation, obtains eigenwert;
      Enciphered data extraction module, for extracting the data of assigned address as enciphered data from described eigenwert.
      Preferably, described enciphered data extraction module comprises:
      Character removes submodule, for removing at least one of fisrt feature character and second feature character in described eigenwert; Described fisrt feature character comprises in described eigenwert the preceding one or more character that sorts, and described second feature character comprises in described eigenwert the posterior one or more character that sorts;
      Enciphered data generates submodule, described in adopting, remove the generation of the eigenwert after at least one of fisrt feature character and second feature character enciphered data.
      Preferably, described user's ID authentication information comprises User Identity, and, password, described User Identity comprises user identity proves UID, and/or, user name.
      According to embodiments of the invention, also disclose a kind of device of password authentification, comprising:
      Second authentication information acquisition module, for obtaining the authentication information of user;
      Second character string forms module, forms character string for adding parameter preset in described authentication information;
      Second Eigenvalue obtains module, for adopting described character string to carry out Hash operation, obtains eigenwert;
      Comparison data extraction module, for extracting the data of assigned address as comparison data from described eigenwert;
      Data Comparison module, contrasts with the enciphered data preset for adopting described comparison data;
      Judge by submodule, for when comparison data is mated with the enciphered data preset, judge being verified of described password;
      Judge not by submodule, for when comparison data is not mated with the enciphered data preset, judge that the checking of described password is not passed through.
      Preferably, described comparison data extraction module comprises:
      Remove character submodule, for removing at least one of fisrt feature character and second feature character in described eigenwert; Described fisrt feature character comprises in described eigenwert the preceding one or more character that sorts, and described second feature character comprises in described eigenwert the posterior one or more character that sorts;
      Comparison data generates submodule, described in adopting, remove the generation of the eigenwert after at least one of fisrt feature character and second feature character comparison data.
      Preferably, described user's ID authentication information comprises User Identity, and, password, described User Identity comprises user identity proves UID, and/or, user name.
      Compared with prior art, the embodiment of the present invention comprises following advantage:
      The present invention carries out Hash operation by adding parameter preset formation character string in described authentication information, the length inputted when not only can increase Hash operation, and character string when different user can be made to carry out Hash operation is not identical yet, thus the complexity of user cipher can be strengthened, even if assailant has the weak password Hash storehouse of magnanimity, also the real password of user cannot instead be released, thus strengthen the defence capability of user cipher, can avoid or reduce Hash collision, and, the data of assigned address are extracted as enciphered data from described eigenwert, enciphered data is not complete cryptographic hash, but Hash storehouse generally can based on database sharing, the index of database can be generally prefix index, therefore, adopt the index that cannot utilize database when Hash storehouse is counter looks into password, thus cause utilizing Hash storehouse decryption to be almost the task that cannot complete, therefore the probability that password is cracked can be reduced, guarantee that user cipher is not leaked.
      Further, the present invention is by removing at least one of fisrt feature character and second feature character in described eigenwert, in fisrt feature character, the quantity of character can be one or more, in second feature character, the quantity of character also can be one or more, therefore, the one in the combination of fisrt feature character and second feature character can be adopted when removing, make enciphered data, and/or, the generation of comparison data is more complicated, thus the complexity of user cipher can be strengthened, thus strengthen the defence capability of user cipher, simultaneously, avoid or reduce Hash collision, thus the probability that reduction password is cracked, guarantee that user cipher is not leaked.
      Further, the present invention, by comprising User Identity in user's ID authentication information, can make enciphered data, and/or, the information of User Identity is carried in comparison data, the information of the User Identity of each user can be unique, the enciphered data of each user, and/or, comparison data is also unique, therefore, the password collided be found quite difficult, the codon pair that there is same characteristic features value hardly may.Thus the complexity of user cipher can be strengthened, thus strengthen the defence capability of user cipher, meanwhile, avoid or reduce Hash collision, thus the probability that reduction password is cracked, guarantee that user cipher is not leaked.
    Accompanying drawing explanation
      Fig. 1 shows the flow chart of steps of the embodiment of the method that a kind of password of the present invention stores;
      Fig. 2 shows the flow chart of steps of the embodiment of the method for a kind of password authentification of the present invention;
      Fig. 3 shows the structured flowchart of the device embodiment that a kind of password of the present invention stores;
      Fig. 4 shows the structured flowchart of the device embodiment of a kind of password authentification of the present invention.
    Embodiment
      For enabling above-mentioned purpose of the present invention, feature and advantage become apparent more, and below in conjunction with the drawings and specific embodiments, the present invention is further detailed explanation.
      One of core idea of the embodiment of the present invention is, when user's registration or amendment authentication information, directly do not store the authentication information of user or the cryptographic hash of authentication information, but parameter preset is added in the authentication information of user, then carry out Hash operation and obtain eigenwert, and the data extracting assigned address in eigenwert store in a database as enciphered data.
      With reference to Fig. 1, show the flow chart of steps of the embodiment of the method that a kind of password of the present invention stores, specifically can comprise the steps:
      Step 101, obtains the authentication information of user;
      In specific implementation, authentication information can be the credential information that user obtains the service that service side provides.
      Preferably, authentication information can comprise User Identity, and, password, described User Identity comprises user identity proves UID, and/or, user name.
      UID (User Identification, user identity proves), and/or, user name can be the field for identifying user unique identities, UID can be user when registering, the Digital ID that system is distributed automatically, and this Digital ID can have one or more numerical character usually, further, the UID of each user can be unique.
      When user has inputted the authentication information of this user, system can get this authentication information on backstage.
      It should be noted that, User Identity can also be the field of other identifying user unique identities, and those skilled in the art can according to actual needs, select the field of suitable identifying user unique identities as User Identity.
      The present invention is by comprising User Identity in user's ID authentication information, enciphered data can be made, and/or carry the information of User Identity in comparison data, the information of the User Identity of each user can be unique, the enciphered data of each user, and/or comparison data is also unique, therefore, find the password collided quite difficult, the codon pair that there is same characteristic features value hardly may.Thus the complexity of user cipher can be strengthened, thus strengthen the defence capability of user cipher, meanwhile, avoid or reduce Hash collision, thus the probability that reduction password is cracked, guarantee that user cipher is not leaked.
      Step 102, adds parameter preset and forms character string in described authentication information;
      In actual applications, parameter preset can be key constant, and key constant can be all identical for any user, and fixing character string.
      Parameter preset can be added in authentication information, User Identity, password and parameter preset can form character string in a certain order, such as, character string can be User Identity-password-parameter preset, also can be User Identity-parameter preset-password etc., this process can be referred to as " salt adding ".
      Step 103, adopts described character string to carry out Hash operation, obtains eigenwert;
      In a particular application, can call hash function and carry out Hash operation to the character string of salt adding, namely the cryptographic hash of acquisition can be eigenwert.
      It should be noted that, hash function can be any one in the hash functions such as MD5, SHA-1, and those skilled in the art according to actual needs, can select suitable hash function.
      Step 104, extracts the data of assigned address as enciphered data from described eigenwert.
      Application the embodiment of the present application, the cryptographic hash that Hash operation can be obtained, i.e. eigenwert, removes the data of ad-hoc location, thus can retain the data of assigned address, and the data extracting this assigned address are stored in database as enciphered data.
      In a kind of preferred exemplary of the embodiment of the present invention, described step 104 specifically can comprise following sub-step:
      Sub-step S11, removes at least one of fisrt feature character and second feature character in described eigenwert;
      Described fisrt feature character can comprise in described eigenwert the preceding one or more character that sorts, and described second feature character can comprise in described eigenwert the posterior one or more character that sorts;
      As a kind of example of embody rule of the present invention, cryptographic hash can as eigenwert, due to the character string that cryptographic hash can be 32, fisrt feature character can be the preceding one or more character that sorts in eigenwert, second feature character can be state in eigenwert the posterior one or more character that sorts, preferably, the character number sum of fisrt feature character and second feature character can be less than or equal to 8, fisrt feature character can comprise 2-4 character from character string first character, second feature character can comprise 2-4 character from last character of character string.
      Therefore, 2-4 character from first character can be removed from eigenwert, and/or, remove 2-4 character from last character.
      In actual applications, one can be chosen arbitrarily in the combination of fisrt feature character and second feature character to remove, such as, remove 3 characters in eigenwert from first character, and, remove 2 characters in eigenwert from last character.
      The present invention is by removing at least one of fisrt feature character and second feature character in described eigenwert, in fisrt feature character, the quantity of character can be one or more, in second feature character, the quantity of character also can be one or more, therefore, the one in the combination of fisrt feature character and second feature character can be adopted when removing, make enciphered data, and/or, the generation of comparison data is more complicated, thus the complexity of user cipher can be strengthened, thus strengthen the defence capability of user cipher, simultaneously, avoid or reduce Hash collision, thus the probability that reduction password is cracked, guarantee that user cipher is not leaked.
      Sub-step S12, removes the eigenwert after at least one of fisrt feature character and second feature character and generates enciphered data described in employing.
      After removing at least one of fisrt feature character and second feature character in eigenwert, character remaining in eigenwert can as the data of assigned address, and the data extracting this assigned address can generate enciphered data, and can be stored in database.
      The present invention carries out Hash operation by adding parameter preset formation character string in described authentication information, the length inputted when not only can increase Hash operation, and character string when different user can be made to carry out Hash operation is not identical yet, thus the complexity of user cipher can be strengthened, even if assailant has the weak password Hash storehouse of magnanimity, also the real password of user cannot instead be released, thus strengthen the defence capability of user cipher, can avoid or reduce Hash collision, and, the data of assigned address are extracted as enciphered data from described eigenwert, enciphered data is not complete cryptographic hash, but Hash storehouse generally can based on database sharing, the index of database can be generally prefix index, therefore, adopt the index that cannot utilize database when Hash storehouse is counter looks into password, thus cause utilizing Hash storehouse decryption to be almost the task that cannot complete, therefore the probability that password is cracked can be reduced, guarantee that user cipher is not leaked.
      For making those skilled in the art understand the present invention better, realizing the present invention below by way of employing function is example, further illustrates the embodiment of the present invention.
      For convenience of describing, the function that will adopt and parameter are made the following assumptions:
      A), User Identity is UID, also can take name in an account book or other can the field of identifying user unique identities;
      B), user cipher is PWD;
      C), key constant is SKEY;
      D), salt adding function is salt;
      E), hash function is hash, can be any one hash function;
      F), extracting function is mid;
      The step obtained after user authentication information is as follows:
      The first step, password salt adding: salt (UID+PWD+SKEY);
      Second step, gets cryptographic hash: hash (salt (UID+PWD+SKEY));
      3rd step, extracts the center section of cryptographic hash: mid (hash (salt (UID+PWD+SKEY)), 2,28);
      4th step, is stored into the net result that mid function calculates in database as enciphered data.
      Particularly, password salt adding can be adopt salt adding function salt UID, PWD and SKEY to be connected successively, form character string, then, hash function hash can be adopted to carry out Hash operation to character string, obtain cryptographic hash, again can with the center section extracting function mid extraction cryptographic hash, in embodiments of the present invention, cryptographic hash the 2nd can be extracted to the character on the 28th, it can be used as enciphered data to be stored in database.
      Password-cryptographic hash the relation table of assailant can be generally based on database sharing, the index of database can be generally prefix index, because the present invention does not store complete cryptographic hash, and the part only stored in the middle of cryptographic hash, therefore, when assailant adopts cryptographic hash to look into password according to password-cryptographic hash relation table is counter, cannot index be utilized, thus cause utilizing the anti-password of looking into of password-cryptographic hash relation table can be the task that cannot complete.
      With reference to Fig. 2, show the flow chart of steps of the embodiment of the method for a kind of password authentification of the present invention, specifically can comprise the steps:
      Step 201, obtains the authentication information of user;
      In a kind of preferred exemplary of the present invention, described user's ID authentication information comprises User Identity, and, password, described User Identity comprises user identity proves UID, and/or, user name.
      The present invention is by comprising User Identity in user's ID authentication information, enciphered data can be made, and/or carry the information of User Identity in comparison data, the information of the User Identity of each user can be unique, the enciphered data of each user, and/or comparison data is also unique, therefore, find the password collided quite difficult, the codon pair that there is same characteristic features value hardly may.Thus the complexity of user cipher can be strengthened, thus strengthen the defence capability of user cipher, meanwhile, avoid or reduce Hash collision, thus the probability that reduction password is cracked, guarantee that user cipher is not leaked.
      Step 202, adds parameter preset and forms character string in described authentication information;
      Step 203, adopts described character string to carry out Hash operation, obtains eigenwert;
      Step 204, extracts the data of assigned address as comparison data from described eigenwert;
      It should be noted that, comparison data can adopt the create-rule identical with the enciphered data preset, and can comprise identical parameter preset, identical hash algorithm, and, extract from described eigenwert with the data of the identical assigned address of enciphered data preset as comparison data.
      In a kind of preferred exemplary of the embodiment of the present invention, described step 204 specifically can comprise following sub-step:
      Sub-step S21, removes at least one of fisrt feature character and second feature character in described eigenwert; Described fisrt feature character comprises in described eigenwert the preceding one or more character that sorts, and described second feature character comprises in described eigenwert the posterior one or more character that sorts;
      Sub-step S22, removes the eigenwert after at least one of fisrt feature character and second feature character and generates comparison data described in employing.
      The present invention is by removing at least one of fisrt feature character and second feature character in described eigenwert, in fisrt feature character, the quantity of character can be one or more, in second feature character, the quantity of character also can be one or more, therefore, the one in the combination of fisrt feature character and second feature character can be adopted when removing, make enciphered data, and/or, the generation of comparison data is more complicated, thus the complexity of user cipher can be strengthened, thus strengthen the defence capability of user cipher, simultaneously, avoid or reduce Hash collision, thus the probability that reduction password is cracked, guarantee that user cipher is not leaked.
      Step 205, adopts described comparison data to contrast with the enciphered data preset; If coupling, perform step 206; Otherwise, perform step 207;
      In specific implementation, the enciphered data preset can prestore in a database, the enciphered data preset is identical with the generative process of correlation data, comparison data is adopted to contrast with the enciphered data preset, judge that whether comparison data is consistent with enciphered data, if unanimously, comparison data can be mated with enciphered data, then can show that the authentication information obtained when generating comparison data is identical with the authentication information obtained when generating the enciphered data preset, perform step 206; If inconsistent, comparison data cannot be mated with enciphered data, then can show that the authentication information obtained when generating comparison data is not identical with the authentication information obtained when generating the enciphered data preset, perform step 207.
      Step 206, judges being verified of described password;
      When comparison data can be mated with enciphered data, can show that the authentication information inputted is correct, can by the checking of password.
      Step 207, judges that the checking of described password is not passed through.
      When comparison data cannot be mated with enciphered data, can show that the authentication information inputted is incorrect, can not by the checking of password.
      The present invention carries out Hash operation by adding parameter preset formation character string in described authentication information, the length inputted when not only can increase Hash operation, and character string when different user can be made to carry out Hash operation is not identical yet, thus the complexity of user cipher can be strengthened, even if assailant has the weak password Hash storehouse of magnanimity, also the real password of user cannot instead be released, thus strengthen the defence capability of user cipher, can avoid or reduce Hash collision, and, the data of assigned address are extracted as enciphered data from described eigenwert, enciphered data is not complete cryptographic hash, but Hash storehouse generally can based on database sharing, the index of database can be generally prefix index, therefore, adopt the index that cannot utilize database when Hash storehouse is counter looks into password, thus cause utilizing Hash storehouse decryption to be almost the task that cannot complete, therefore the probability that password is cracked can be reduced, guarantee that user cipher is not leaked.
      It should be noted that, for embodiment of the method, in order to simple description, therefore it is all expressed as a series of combination of actions, but those skilled in the art should know, the embodiment of the present invention is not by the restriction of described sequence of movement, because according to the embodiment of the present invention, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in instructions all belongs to preferred embodiment, and involved action might not be that the embodiment of the present invention is necessary.
      With reference to Fig. 3, show the structured flowchart of the device embodiment that a kind of password of the present invention stores, specifically can comprise as lower module:
      First authentication information acquisition module 301, for obtaining the authentication information of user;
      First character string forms module 302, forms character string for adding parameter preset in described authentication information;
      The First Eigenvalue obtains module 303, for adopting described character string to carry out Hash operation, obtains eigenwert;
      Enciphered data extraction module 304, for extracting the data of assigned address as enciphered data from described eigenwert.
      In a kind of preferred exemplary of the embodiment of the present invention, described enciphered data extraction module 304 specifically can comprise following submodule:
      Character removes submodule, for removing at least one of fisrt feature character and second feature character in described eigenwert; Described fisrt feature character comprises in described eigenwert the preceding one or more character that sorts, and described second feature character comprises in described eigenwert the posterior one or more character that sorts;
      Enciphered data generates submodule, described in adopting, remove the generation of the eigenwert after at least one of fisrt feature character and second feature character enciphered data.
      In a kind of preferred exemplary of the embodiment of the present invention, described user's ID authentication information comprises User Identity, and, password, described User Identity comprises user identity proves UID, and/or, user name.
      For the device embodiment that the password shown in Fig. 3 stores, due to the embodiment of the method basic simlarity that the password shown in itself and Fig. 1 stores, so description is fairly simple, the part of the embodiment of the method for the password storage that relevant part is shown in Figure 1 illustrates.
      With reference to Fig. 4, show the structured flowchart of the device embodiment of a kind of password authentification of the present invention, specifically can comprise as lower module:
      Second authentication information acquisition module 401, for obtaining the authentication information of user;
      Second character string forms module 402, forms character string for adding parameter preset in described authentication information;
      Second Eigenvalue obtains module 403, for adopting described character string to carry out Hash operation, obtains eigenwert;
      Comparison data extraction module 404, for extracting the data of assigned address as comparison data from described eigenwert;
      Data Comparison module 405, contrasts with the enciphered data preset for adopting described comparison data;
      Judge by submodule 406, for when comparison data is mated with the enciphered data preset, judge being verified of described password;
      Judge not by submodule 407, for when comparison data is not mated with the enciphered data preset, judge that the checking of described password is not passed through.
      In a kind of preferred exemplary of the embodiment of the present invention, described comparison data extraction module 404 specifically can comprise following submodule:
      Remove character submodule, for removing at least one of fisrt feature character and second feature character in described eigenwert; Described fisrt feature character comprises in described eigenwert the preceding one or more character that sorts, and described second feature character comprises in described eigenwert the posterior one or more character that sorts;
      Comparison data generates submodule, described in adopting, remove the generation of the eigenwert after at least one of fisrt feature character and second feature character comparison data.
      In a kind of preferred exemplary of the embodiment of the present invention, described user's ID authentication information comprises User Identity, and, password, described User Identity comprises user identity proves UID, and/or, user name.
      For the device embodiment of the password authentification shown in Fig. 4, due to the embodiment of the method basic simlarity of the password authentification shown in itself and Fig. 2, so description is fairly simple, the part of the embodiment of the method for the password authentification that relevant part is shown in Figure 2 illustrates.
      Each embodiment in this instructions all adopts the mode of going forward one by one to describe, and what each embodiment stressed is the difference with other embodiments, between each embodiment identical similar part mutually see.
      Those skilled in the art should understand, the embodiment of the embodiment of the present invention can be provided as method, device or computer program.Therefore, the embodiment of the present invention can adopt the form of complete hardware embodiment, completely software implementation or the embodiment in conjunction with software and hardware aspect.And the embodiment of the present invention can adopt in one or more form wherein including the upper computer program implemented of computer-usable storage medium (including but not limited to magnetic disk memory, CD-ROM, optical memory etc.) of computer usable program code.
      The embodiment of the present invention describes with reference to according to the process flow diagram of the method for the embodiment of the present invention, terminal device (system) and computer program and/or block scheme.Should understand can by the combination of the flow process in each flow process in computer program instructions realization flow figure and/or block scheme and/or square frame and process flow diagram and/or block scheme and/or square frame.These computer program instructions can being provided to the processor of multi-purpose computer, special purpose computer, Embedded Processor or other programmable data processing terminal equipment to produce a machine, making the instruction performed by the processor of computing machine or other programmable data processing terminal equipment produce device for realizing the function of specifying in process flow diagram flow process or multiple flow process and/or block scheme square frame or multiple square frame.
      These computer program instructions also can be stored in can in the computer-readable memory that works in a specific way of vectoring computer or other programmable data processing terminal equipment, the instruction making to be stored in this computer-readable memory produces the manufacture comprising command device, and this command device realizes the function of specifying in process flow diagram flow process or multiple flow process and/or block scheme square frame or multiple square frame.
      These computer program instructions also can be loaded on computing machine or other programmable data processing terminal equipment, make to perform sequence of operations step to produce computer implemented process on computing machine or other programmable terminal equipment, thus the instruction performed on computing machine or other programmable terminal equipment is provided for the step realizing the function of specifying in process flow diagram flow process or multiple flow process and/or block scheme square frame or multiple square frame.
      Although described the preferred embodiment of the embodiment of the present invention, those skilled in the art once obtain the basic creative concept of cicada, then can make other change and amendment to these embodiments.So claims are intended to be interpreted as comprising preferred embodiment and falling into all changes and the amendment of embodiment of the present invention scope.
      Finally, also it should be noted that, in this article, the such as relational terms of first and second grades and so on is only used for an entity or operation to separate with another entity or operational zone, and not necessarily requires or imply the relation that there is any this reality between these entities or operation or sequentially.And, term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thus make to comprise the process of a series of key element, method, article or terminal device and not only comprise those key elements, but also comprise other key elements clearly do not listed, or also comprise by the intrinsic key element of this process, method, article or terminal device.When not more restrictions, the key element limited by statement " comprising ... ", and be not precluded within process, method, article or the terminal device comprising described key element and also there is other identical element.
      Above to the method and apparatus that a kind of password provided by the present invention stores and verifies, be described in detail, apply specific case herein to set forth principle of the present invention and embodiment, the explanation of above embodiment just understands method of the present invention and core concept thereof for helping; Meanwhile, for one of ordinary skill in the art, according to thought of the present invention, all will change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.
    Claims (10)
1. a method for password storage, is characterized in that, comprising:
      Obtain the authentication information of user;
      In described authentication information, add parameter preset form character string;
      Adopt described character string to carry out Hash operation, obtain eigenwert;
      The data of assigned address are extracted as enciphered data from described eigenwert.
    2. method according to claim 1, is characterized in that, the described data extracting assigned address from described eigenwert comprise as the step of enciphered data:
      Remove at least one of fisrt feature character and second feature character in described eigenwert; Described fisrt feature character comprises in described eigenwert the preceding one or more character that sorts, and described second feature character comprises in described eigenwert the posterior one or more character that sorts;
      Remove the eigenwert after at least one of fisrt feature character and second feature character described in employing and generate enciphered data.
    3. method according to claim 1 and 2, is characterized in that, described user's ID authentication information comprises User Identity, and, password, described User Identity comprises user identity proves UID, and/or, user name.
    4. a method for password authentification, is characterized in that, comprising:
      Obtain the authentication information of user;
      In described authentication information, add parameter preset form character string;
      Adopt described character string to carry out Hash operation, obtain eigenwert;
      The data of assigned address are extracted as comparison data from described eigenwert;
      Described comparison data is adopted to contrast with the enciphered data preset;
      If coupling, judges being verified of described password; Otherwise, judge that the checking of described password is not passed through.
    5. method according to claim 4, is characterized in that, the described data extracting assigned address from described eigenwert comprise as the step of comparison data:
      Remove at least one of fisrt feature character and second feature character in described eigenwert; Described fisrt feature character comprises in described eigenwert the preceding one or more character that sorts, and described second feature character comprises in described eigenwert the posterior one or more character that sorts;
      Remove the eigenwert after at least one of fisrt feature character and second feature character described in employing and generate comparison data.
    6. the method according to claim 4 or 5, is characterized in that, described user's ID authentication information comprises User Identity, and, password, described User Identity comprises user identity proves UID, and/or, user name.
    7. a device for password storage, is characterized in that, comprising:
      First authentication information acquisition module, for obtaining the authentication information of user;
      First character string forms module, forms character string for adding parameter preset in described authentication information;
      The First Eigenvalue obtains module, for adopting described character string to carry out Hash operation, obtains eigenwert;
      Enciphered data extraction module, for extracting the data of assigned address as enciphered data from described eigenwert.
    8. device according to claim 7, is characterized in that, described enciphered data extraction module comprises:
      Character removes submodule, for removing at least one of fisrt feature character and second feature character in described eigenwert; Described fisrt feature character comprises in described eigenwert the preceding one or more character that sorts, and described second feature character comprises in described eigenwert the posterior one or more character that sorts;
      Enciphered data generates submodule, described in adopting, remove the generation of the eigenwert after at least one of fisrt feature character and second feature character enciphered data.
    9. a device for password authentification, is characterized in that, comprising:
      Second authentication information acquisition module, for obtaining the authentication information of user;
      Second character string forms module, forms character string for adding parameter preset in described authentication information;
      Second Eigenvalue obtains module, for adopting described character string to carry out Hash operation, obtains eigenwert;
      Comparison data extraction module, for extracting the data of assigned address as comparison data from described eigenwert;
      Data Comparison module, contrasts with the enciphered data preset for adopting described comparison data;
      Judge by submodule, for when comparison data is mated with the enciphered data preset, judge being verified of described password;
      Judge not by submodule, for when comparison data is not mated with the enciphered data preset, judge that the checking of described password is not passed through.
    10. device according to claim 9, is characterized in that, described comparison data extraction module comprises:
      Remove character submodule, for removing at least one of fisrt feature character and second feature character in described eigenwert; Described fisrt feature character comprises in described eigenwert the preceding one or more character that sorts, and described second feature character comprises in described eigenwert the posterior one or more character that sorts;
      Comparison data generates submodule, described in adopting, remove the generation of the eigenwert after at least one of fisrt feature character and second feature character comparison data.
    Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title | 
|---|---|---|---|
| CN201410491961.7A CN104281794A (en) | 2014-09-23 | 2014-09-23 | Password storing and verifying method and password storing and verifying device | 
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title | 
|---|---|---|---|
| CN201410491961.7A CN104281794A (en) | 2014-09-23 | 2014-09-23 | Password storing and verifying method and password storing and verifying device | 
Publications (1)
| Publication Number | Publication Date | 
|---|---|
| CN104281794A true CN104281794A (en) | 2015-01-14 | 
Family
ID=52256658
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date | 
|---|---|---|---|
| CN201410491961.7A Pending CN104281794A (en) | 2014-09-23 | 2014-09-23 | Password storing and verifying method and password storing and verifying device | 
Country Status (1)
| Country | Link | 
|---|---|
| CN (1) | CN104281794A (en) | 
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title | 
|---|---|---|---|---|
| CN106060078A (en) * | 2016-07-11 | 2016-10-26 | 浪潮(北京)电子信息产业有限公司 | User information encryption method, user registration method and user validation method applied to cloud platform | 
| CN107239379A (en) * | 2017-05-10 | 2017-10-10 | 杭州铭师堂教育科技发展有限公司 | Database performance Automatic monitoring systems based on salt | 
| CN107977569A (en) * | 2016-10-21 | 2018-05-01 | 佛山市顺德区顺达电脑厂有限公司 | Login cipher protection system | 
| CN108090358A (en) * | 2017-12-28 | 2018-05-29 | 哈尔滨安天科技股份有限公司 | A kind of method and system that Hash collision is defendd to hide anti-virus detection | 
| CN108282484A (en) * | 2018-01-30 | 2018-07-13 | 平安普惠企业管理有限公司 | Password acquisition methods, device, computer equipment and storage medium | 
| CN109800582A (en) * | 2017-11-17 | 2019-05-24 | 阿里巴巴集团控股有限公司 | Traceable multi-party data processing method, device and equipment | 
| CN110366229A (en) * | 2019-08-01 | 2019-10-22 | 深圳市昊一源科技有限公司 | A kind of wireless network connecting method, device, equipment and system | 
| CN110489466A (en) * | 2019-07-03 | 2019-11-22 | 平安证券股份有限公司 | Generation method, device, terminal device and the storage medium of invitation code | 
| CN110677422A (en) * | 2019-09-30 | 2020-01-10 | 重庆元韩汽车技术设计研究院有限公司 | Automobile remote control system and method | 
| CN111460479A (en) * | 2020-03-31 | 2020-07-28 | 广东培正学院 | Gallery encryption management system | 
| CN111475828A (en) * | 2020-05-14 | 2020-07-31 | 杭州烽顺科技信息服务有限公司 | Encryption method and device, decryption method and device of block chain account book data | 
| CN113094742A (en) * | 2021-03-15 | 2021-07-09 | 国政通科技有限公司 | Data desensitization method, data desensitization device, electronic device and storage medium | 
| CN113645198A (en) * | 2021-07-23 | 2021-11-12 | 谭静 | Computer network information safety monitoring method | 
| CN113806730A (en) * | 2021-09-18 | 2021-12-17 | 北京安天网络安全技术有限公司 | Safe password input method, system, equipment and medium | 
| CN113938324A (en) * | 2021-12-16 | 2022-01-14 | 成都车晓科技有限公司 | Block chain-based vehicle credit information safe storage method | 
| CN114282189A (en) * | 2021-12-28 | 2022-04-05 | 以萨技术股份有限公司 | A data security storage method, system, client and server | 
| CN116339621A (en) * | 2023-02-20 | 2023-06-27 | 中移动信息技术有限公司 | Data storage method, device, equipment and computer storage medium | 
| CN118134487A (en) * | 2024-05-07 | 2024-06-04 | 杭州易靓好车互联网科技有限公司 | Online payment identity intelligent authentication method based on digital signature | 
| CN119720203A (en) * | 2025-02-28 | 2025-03-28 | 浪潮电子信息产业股份有限公司 | Ransomware virus detection method and device, storage medium and computer program product | 
| CN119885152A (en) * | 2025-03-27 | 2025-04-25 | 江西三鑫医疗科技股份有限公司 | Method and device for generating security password of medical equipment | 
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title | 
|---|---|---|---|---|
| CN1879072A (en) * | 2003-09-12 | 2006-12-13 | Rsa安全公司 | System and method providing disconnected authentication | 
| CN102246166A (en) * | 2008-12-30 | 2011-11-16 | 国际商业机器公司 | Search engine service utilizing hash algorithms | 
| US20130067229A1 (en) * | 2011-09-09 | 2013-03-14 | Stoneware, Inc. | Method and apparatus for key sharing over remote desktop protocol | 
| CN103973651A (en) * | 2013-02-01 | 2014-08-06 | 腾讯科技(深圳)有限公司 | Account password identification setting and inquiring method and device based on salt password bank | 
- 
        2014
        - 2014-09-23 CN CN201410491961.7A patent/CN104281794A/en active Pending
 
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title | 
|---|---|---|---|---|
| CN1879072A (en) * | 2003-09-12 | 2006-12-13 | Rsa安全公司 | System and method providing disconnected authentication | 
| CN102246166A (en) * | 2008-12-30 | 2011-11-16 | 国际商业机器公司 | Search engine service utilizing hash algorithms | 
| US20130067229A1 (en) * | 2011-09-09 | 2013-03-14 | Stoneware, Inc. | Method and apparatus for key sharing over remote desktop protocol | 
| CN103973651A (en) * | 2013-02-01 | 2014-08-06 | 腾讯科技(深圳)有限公司 | Account password identification setting and inquiring method and device based on salt password bank | 
Cited By (36)
| Publication number | Priority date | Publication date | Assignee | Title | 
|---|---|---|---|---|
| CN106060078A (en) * | 2016-07-11 | 2016-10-26 | 浪潮(北京)电子信息产业有限公司 | User information encryption method, user registration method and user validation method applied to cloud platform | 
| CN106060078B (en) * | 2016-07-11 | 2019-01-01 | 浪潮(北京)电子信息产业有限公司 | User information encryption method, register method and verification method applied to cloud platform | 
| CN107977569B (en) * | 2016-10-21 | 2021-11-12 | 佛山市顺德区顺达电脑厂有限公司 | Login password protection system | 
| CN107977569A (en) * | 2016-10-21 | 2018-05-01 | 佛山市顺德区顺达电脑厂有限公司 | Login cipher protection system | 
| CN107239379B (en) * | 2017-05-10 | 2018-05-08 | 杭州铭师堂教育科技发展有限公司 | Database performance Automatic monitoring systems based on salt | 
| CN107239379A (en) * | 2017-05-10 | 2017-10-10 | 杭州铭师堂教育科技发展有限公司 | Database performance Automatic monitoring systems based on salt | 
| CN109800582A (en) * | 2017-11-17 | 2019-05-24 | 阿里巴巴集团控股有限公司 | Traceable multi-party data processing method, device and equipment | 
| CN111737716B (en) * | 2017-11-17 | 2024-07-16 | 创新先进技术有限公司 | Traceable multiparty data processing method, traceable multiparty data processing device and traceable multiparty data processing equipment | 
| CN109800582B (en) * | 2017-11-17 | 2020-05-15 | 阿里巴巴集团控股有限公司 | Traceable multi-party data processing method, device and equipment | 
| CN111737716A (en) * | 2017-11-17 | 2020-10-02 | 阿里巴巴集团控股有限公司 | Traceable multi-party data processing method, device and equipment | 
| CN108090358A (en) * | 2017-12-28 | 2018-05-29 | 哈尔滨安天科技股份有限公司 | A kind of method and system that Hash collision is defendd to hide anti-virus detection | 
| CN108090358B (en) * | 2017-12-28 | 2021-07-20 | 哈尔滨安天科技集团股份有限公司 | Method and system for preventing Hash collision and avoiding antivirus detection | 
| CN108282484A (en) * | 2018-01-30 | 2018-07-13 | 平安普惠企业管理有限公司 | Password acquisition methods, device, computer equipment and storage medium | 
| CN108282484B (en) * | 2018-01-30 | 2021-03-02 | 平安普惠企业管理有限公司 | Password acquisition method and device, computer equipment and storage medium | 
| CN110489466B (en) * | 2019-07-03 | 2023-09-08 | 平安证券股份有限公司 | Method and device for generating invitation code, terminal equipment and storage medium | 
| CN110489466A (en) * | 2019-07-03 | 2019-11-22 | 平安证券股份有限公司 | Generation method, device, terminal device and the storage medium of invitation code | 
| CN110366229A (en) * | 2019-08-01 | 2019-10-22 | 深圳市昊一源科技有限公司 | A kind of wireless network connecting method, device, equipment and system | 
| CN110677422B (en) * | 2019-09-30 | 2021-11-09 | 重庆元韩汽车技术设计研究院有限公司 | Automobile remote control system and method | 
| CN110677422A (en) * | 2019-09-30 | 2020-01-10 | 重庆元韩汽车技术设计研究院有限公司 | Automobile remote control system and method | 
| CN111460479A (en) * | 2020-03-31 | 2020-07-28 | 广东培正学院 | Gallery encryption management system | 
| CN111460479B (en) * | 2020-03-31 | 2023-02-14 | 广东培正学院 | Gallery encryption management system | 
| CN111475828B (en) * | 2020-05-14 | 2022-05-13 | 杭州烽顺科技信息服务有限公司 | Encryption method and device, decryption method and device of block chain account book data | 
| CN111475828A (en) * | 2020-05-14 | 2020-07-31 | 杭州烽顺科技信息服务有限公司 | Encryption method and device, decryption method and device of block chain account book data | 
| CN113094742B (en) * | 2021-03-15 | 2024-05-03 | 国政通科技有限公司 | Data desensitizing method, data desensitizing device, electronic equipment and storage medium | 
| CN113094742A (en) * | 2021-03-15 | 2021-07-09 | 国政通科技有限公司 | Data desensitization method, data desensitization device, electronic device and storage medium | 
| CN113645198B (en) * | 2021-07-23 | 2023-12-26 | 天津航远信息技术有限公司 | Computer network information safety monitoring method | 
| CN113645198A (en) * | 2021-07-23 | 2021-11-12 | 谭静 | Computer network information safety monitoring method | 
| CN113806730A (en) * | 2021-09-18 | 2021-12-17 | 北京安天网络安全技术有限公司 | Safe password input method, system, equipment and medium | 
| CN113806730B (en) * | 2021-09-18 | 2024-03-08 | 北京安天网络安全技术有限公司 | Method, system, equipment and medium for inputting security password | 
| CN113938324A (en) * | 2021-12-16 | 2022-01-14 | 成都车晓科技有限公司 | Block chain-based vehicle credit information safe storage method | 
| CN114282189A (en) * | 2021-12-28 | 2022-04-05 | 以萨技术股份有限公司 | A data security storage method, system, client and server | 
| CN116339621A (en) * | 2023-02-20 | 2023-06-27 | 中移动信息技术有限公司 | Data storage method, device, equipment and computer storage medium | 
| CN118134487A (en) * | 2024-05-07 | 2024-06-04 | 杭州易靓好车互联网科技有限公司 | Online payment identity intelligent authentication method based on digital signature | 
| CN119720203A (en) * | 2025-02-28 | 2025-03-28 | 浪潮电子信息产业股份有限公司 | Ransomware virus detection method and device, storage medium and computer program product | 
| CN119885152A (en) * | 2025-03-27 | 2025-04-25 | 江西三鑫医疗科技股份有限公司 | Method and device for generating security password of medical equipment | 
| CN119885152B (en) * | 2025-03-27 | 2025-07-15 | 江西三鑫医疗科技股份有限公司 | Method and device for generating security password of medical equipment | 
Similar Documents
| Publication | Publication Date | Title | 
|---|---|---|
| CN104281794A (en) | Password storing and verifying method and password storing and verifying device | |
| CN111787530B (en) | Block chain digital identity management method based on SIM card | |
| US9634999B1 (en) | Mobile device key management | |
| US9998441B2 (en) | Client authentication using social relationship data | |
| CN107426235B (en) | Authority authentication method, device and system based on equipment fingerprint | |
| CN108965222B (en) | Identity authentication method, system and computer readable storage medium | |
| CN109272617B (en) | Unlocking verification method, server, door lock, electronic device and storage medium | |
| CN105812332A (en) | Data protection method | |
| CN105897675A (en) | Video service providing method, access authentication method, server and system | |
| EP4049154B1 (en) | Private password constraint validation | |
| CN102186173B (en) | Identity authentication method and system | |
| CN108259502A (en) | For obtaining the identification method of interface access rights, server-side and storage medium | |
| WO2019234426A1 (en) | Blockchain based access control using time-dependent obfuscation of access tokens | |
| CN104601602A (en) | Terminal device network security enhanced access and authentication method | |
| CN105553667A (en) | Dynamic password generating method | |
| CN106209793A (en) | A kind of auth method and checking system | |
| CN104270754A (en) | SIM authentication method and device | |
| CN108965335B (en) | Method for preventing malicious access to login interface, electronic device and computer medium | |
| CN109617703B (en) | Key management method and device, electronic equipment and storage medium | |
| CN113726515B (en) | UKEY-based key processing method, storage medium and electronic device | |
| US9882879B1 (en) | Using steganography to protect cryptographic information on a mobile device | |
| CN109495500A (en) | A kind of double factor authentication method based on smart phone | |
| CN119129001A (en) | Data integrity verification method and device, electronic device and storage medium | |
| CN105590044A (en) | Information authentication method and apparatus | |
| CN104504309A (en) | Data encryption method and terminal for application program | 
Legal Events
| Date | Code | Title | Description | 
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20150114 |