Background technology
With the development of the Internet, passwords have become something we face every day: mailboxes require passwords, websites require passwords, checking a phone bill requires a password, and online shopping requires a password. This flood of passwords overwhelms most people. A person may use the same password for every website and mailbox, so that once it is leaked, all of the passwords are leaked, and even changing the password afterwards is a major undertaking. If, on the other hand, every mailbox and website uses a different password, one may well ask whose brain can remember so many passwords.
As password leaks occur more and more frequently, a secure and easy-to-use password method has gradually become an urgent need for everyone. If several websites use the same password, they are easily compromised in one stroke; if they all use different complex passwords, the passwords are hard to remember. A complete solution for password management and password protection is therefore needed to solve the password security problem.
Password protection and management at present mostly takes a pure software form, in which software records the user's various user names and passwords. This approach is convenient and helps the user record and manage passwords, but it has a shortcoming: the user must still remember at least one password, and if this password is forgotten, the related information may be impossible to recover. Another shortcoming is poor platform independence: such software mostly runs locally, and using it on other computers or terminals generally requires cumbersome steps such as export and import, which is not convenient enough. A scheme is therefore needed that requires remembering no password and still provides easy, cross-platform, multi-point password management and protection.
Domestic patent 200920089497 discloses an offline fingerprint password management device. That patent substitutes a fingerprint for the password, but it only replaces the password authentication process with fingerprint authentication, and only the authentication result is output for a decision. It is not compatible with the various Internet and local applications and must be used on a system that supports the device. It cannot perform password management, and its limitations are considerable.
Domestic patent 200720190468.7 discloses an electronic signature tool with a password management function. Through a secure data storage unit and a data management unit set inside it, the tool stores and manages entered login accounts or passwords and related data, and the account or password data can be obtained directly through a computer connected to the tool or through the tool's own output device. That patent cannot achieve seamless cross-platform, cross-device, cross-system synchronized sharing and use of password data; after the electronic signature tool is lost, the password data cannot be recovered; and the security measures of the device itself are not clearly described. If the device has no data protection measure of its own, anyone who obtains it may use it to log in to the related accounts; if the device has its own password protection mechanism, the user must still remember at least one password, with the same risk of forgetting and leaking.
In summary, existing password management and protection methods alone cannot satisfy users' demands for security, convenience and ease of use in password use; an intelligent user name and password protection and management method adapted to the current Internet era is urgently needed.
Summary of the invention
The object of the present invention is to remedy the deficiencies of the above technology by providing a password protection and management method.
The technical scheme adopted by the present invention to solve its technical problem is this password protection and management method, whose steps are as follows:
(1) When the user uses the password protection terminal for the first time, identity authentication is carried out first, i.e. registration of the user's biometric features;
(2) The user connects the password protection terminal and identity comparison authentication is carried out; after authentication passes, the password data in the password protection terminal is read and synchronized with the cloud data;
(3) The application the user is using is detected, and whether a user name and password exist for it is checked; if they exist, the user name and password are used automatically;
(4) If no user name and password exist for the user's application, whether to carry out user registration is determined; if user registration is selected, the user name and password are stored; if no registration is carried out, the user name and password are entered manually and then stored.
Preferably, the specific steps in step (1) are as follows: connect and install the password protection terminal; the user carries out first-time authentication; register and test the biometric features; synchronize the user identity information; registration succeeds.
Preferably, the steps for synchronized backup between the password protection terminal and the remote cloud server are as follows: the user connects the password protection terminal and identity comparison authentication is carried out; after authentication passes, the local and cloud password data are compared; information common to both is detected and local updates are uploaded; differing password data is uploaded and downloaded between the local store and the cloud; synchronization succeeds.
Preferably, the specific steps for restoring after the password protection terminal is lost are as follows: the user connects a new password protection terminal and identity comparison authentication is carried out; after authentication passes, the user name, password and account information are downloaded synchronously and the account is updated; the account is restored successfully.
Preferably, the password protection terminal has built-in secure storage, and the hardware stores user name and password information; when disconnected from the Internet, the system cannot synchronize with the cloud server, and the local password data is imported from the password protection terminal; when the user is detected using a corresponding application, the local password data is called to carry out the related operation.
The beneficial effects of the present invention are as follows. The invention solves the password security problem of the Internet era. Using high technologies such as biometric identification, cloud computing and Internet programming, it brings Internet password protection into an era of great convenience: the user need not memorize any password and can manage and use various passwords simply by virtue of his or her own biometric features. It thereby fundamentally solves the user's problems of password security protection and memory management in the Internet era.
Embodiment
The present invention is further described below with reference to the accompanying drawings and embodiments:
To address the defects of existing password protection and management, the present invention uses the unique biometric features of the human body, through a dedicated password protection terminal, in place of a basic password, so that all user and password information can be managed without remembering any password information. It also adopts the most advanced cloud computing technology to achieve seamless synchronization of identity information and password information, which solves the problem of using and managing passwords when the user works on different computers and the problem of restoring information by synchronization, after biometric authentication, once the password protection terminal is lost. This thoroughly meets the user's need for both security and convenience in password memory and management.
The password protection management system based on cloud security, as shown in Fig. 1, mainly consists of three parts:
The password protection terminal:
Biometric identification function: the password protection terminal is based on biometric identification and identifies the user through biometric features. Unlike similar products or software on the market, which still rely on a password for login and management, it is truly foolproof: the user need not remember even a basic password and can manage and use the password protection terminal directly through his or her own biometric features, including fingerprints.
The password protection terminal supports both local comparison authentication and remote comparison authentication of biometric features, which are applied to different application scenarios respectively.
The password protection terminal itself has a storage function and can store thousands of user names and passwords internally, so that in local use it can operate offline with the relevant local passwords. It can also perform operations such as synchronization and restoration with the password protection cloud service through the companion software.
The password protection terminal also supports various communication interfaces, including USB, serial port, Bluetooth, WiFi, TCP/IP, SDIO and tone pulse, and can connect directly to terminals such as desktop computers, tablet computers, handheld devices and mobile phones. With wireless connections such as WiFi, it can moreover connect to several terminals at once for simultaneous shared use.
The password protection application software: as shown in Fig. 2,
The application software supported by the password protection system mainly comprises password management, cloud management and identity management:
Password application: includes functions such as password management, password use, password extraction and password storage.
Cloud application: includes functions such as password backup and password synchronization.
Identity application: includes functions such as user identity backup, user identity loss reporting and user identity restoration.
The password protection cloud service:
The powerful password protection cloud server uses the advantages of cloud computing to store the user's identity and password information, which is convenient for the user and, together with the system, enables seamless cross-platform password application.
Overall usage diagram of the password protection system: as shown in Fig. 3,
By detecting the user's operations, the password protection terminal automatically enters the various passwords it has stored. For a website or application with no stored user name and password, either manual registration or automatic registration by the system can be used. In automatic registration, a 32-character random password is generated for the website and saved, and the user need not be concerned with the actual password. If the user already has a user name and password, they can be entered manually and the user can choose whether to save them. A specific flow example is shown in Fig. 4:
(1) When the user uses the password protection terminal for the first time, identity authentication is carried out first, i.e. registration of the user's biometric features;
(2) The user connects the password protection terminal and identity comparison authentication is carried out; after authentication passes, the password data in the password protection terminal is read and synchronized with the cloud data;
(3) The application the user is using is detected, and whether a user name and password exist for it is checked; if they exist, the user name and password are used automatically;
(4) If no user name and password exist for the user's application, whether to carry out user registration is determined; if user registration is selected, the user name and password are stored; if no registration is carried out, the user name and password are entered manually and then stored.
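The lookup and registration decision in steps (3) and (4), written out as an added Python example that is not part of the patent text. The `Terminal` class, its method names, the character set and the rule that every character class must appear are assumptions made for illustration; only the 32-character length and the order of the steps come from the description.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
PASSWORD_LENGTH = 32  # length stated in the description above


def random_password(length: int = PASSWORD_LENGTH) -> str:
    """Draw from the OS CSPRNG; retry until every character class appears."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(ch.islower() for ch in pw) and any(ch.isupper() for ch in pw)
                and any(ch.isdigit() for ch in pw)
                and any(not ch.isalnum() for ch in pw)):
            return pw


class Terminal:
    """Hypothetical stand-in for the password protection terminal's store."""

    def __init__(self):
        self._store = {}        # application id -> (user name, password)
        self._unlocked = False

    def authenticate(self, biometric_match: bool) -> None:
        # Step (2): the result of the biometric comparison gates all access.
        self._unlocked = biometric_match

    def credentials_for(self, app, username=None, auto_register=False,
                        manual_password=None):
        if not self._unlocked:
            raise PermissionError("identity comparison authentication required")
        if app in self._store:                 # step (3): use automatically
            return (*self._store[app], "autofill")
        if username is None:
            raise ValueError("no stored entry and no user name supplied")
        if auto_register:                      # step (4): registration by the system
            password, action = random_password(), "registered"
        elif manual_password is not None:      # step (4): manual entry, then store
            password, action = manual_password, "stored-manual"
        else:
            raise ValueError("manual entry selected but no password given")
        self._store[app] = (username, password)
        return (username, password, action)
```

Because the generated value is drawn with `secrets` rather than `random`, the stored password is unpredictable even to someone who knows when it was created.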
Flow for first use of the password protection system: as shown in Fig. 5,
When the user uses this system for the first time, identity authentication must be carried out first, i.e. registration of the user's own biometric features. We recommend the fingerprint, whose use is mature, as the basis of the biometric feature, while also supporting other biometric features such as the pupil, voice, face and habits. The specific registration flow is shown in the figure: connect and install the password protection terminal; the user carries out first-time authentication; register and test the biometric features; synchronize the user identity information; registration succeeds.
Password protection synchronized backup flow: as shown in Fig. 6.
The user connects the password protection terminal and identity comparison authentication is carried out; after authentication passes, the local and cloud password data are compared; information common to both is detected and local updates are uploaded; differing password data is uploaded and downloaded between the local store and the cloud; synchronization succeeds.
Because the password protection terminal can be backed up in synchronization with the remote cloud server, the latest data is synchronized wherever the user is, whether on a work computer, a personal PC, a handheld terminal or elsewhere. The user truly carries the passwords everywhere, which fundamentally solves the problem of dispersed passwords.
The synchronization system has built-in international standard encryption and decryption algorithms, supporting international standard algorithms such as DES/3DES, AES, RSA and ECC as well as HASH algorithms; these algorithms are used to store password data in encrypted form and to transmit it encrypted.
Flow for restoring after the password protection terminal is lost:
If you unfortunately lose the password protection terminal, there is no need to worry: without your biometric features, others cannot use the password protection terminal and cannot obtain the passwords inside it. Meanwhile, you can buy or apply for a new password protection terminal device and then, through your own biometric features, recover the password data and identity data held in the cloud service. Remote biometric authentication is used: the identity is authenticated through the biometric features, and the original information is then synchronized to the new password protection terminal, so that password data and identity information are never lost.
The specific retrieval flow is shown in Fig. 7: the user connects a new password protection terminal and identity comparison authentication is carried out; after authentication passes, the user name, password and account information are downloaded synchronously and the account is updated; the account is restored successfully.
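The synchronization flow of Fig. 6 and the restore flow of Fig. 7 can be treated as one comparison routine, since restoring to a new terminal is a synchronization that starts from an empty local store. The following is an added Python example, not code from the patent. The per-entry revision counter, the SHA-256 digest comparison, the conflict category and all names are assumptions; the patent only states that local and cloud data are compared and the differences uploaded and downloaded.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    rev: int     # assumed revision counter, incremented on every change to the entry
    blob: bytes  # credential already encrypted on the terminal; opaque to the cloud

    @property
    def digest(self) -> str:
        return hashlib.sha256(self.blob).hexdigest()


def plan_sync(local: dict, cloud: dict) -> dict:
    """Compare both stores and classify every application entry."""
    plan = {"same": [], "upload": [], "download": [], "conflict": []}
    for app in sorted(local.keys() | cloud.keys()):
        mine, theirs = local.get(app), cloud.get(app)
        if theirs is None or (mine is not None and mine.rev > theirs.rev):
            plan["upload"].append(app)        # local update, not yet in the cloud
        elif mine is None or theirs.rev > mine.rev:
            plan["download"].append(app)      # cloud holds the newer entry
        elif mine.digest == theirs.digest:
            plan["same"].append(app)          # common to both, nothing to move
        else:
            plan["conflict"].append(app)      # same revision, different content
    return plan


def apply_sync(local: dict, cloud: dict, authenticated: bool) -> dict:
    """Run the plan only after identity comparison authentication has passed."""
    if not authenticated:
        raise PermissionError("identity comparison authentication failed")
    plan = plan_sync(local, cloud)
    for app in plan["upload"]:
        cloud[app] = local[app]
    for app in plan["download"]:
        local[app] = cloud[app]
    return plan                               # conflicts are left for the user


def demo() -> tuple:
    # Constructed sample stores; the byte strings stand in for ciphertext.
    local = {"mail.example": Record(2, b"ct-mail-v2"),
             "bank.example": Record(3, b"ct-bank-local")}
    cloud = {"mail.example": Record(1, b"ct-mail-v1"),
             "bank.example": Record(3, b"ct-bank-cloud"),
             "forum.example": Record(1, b"ct-forum-v1")}
    sync_plan = apply_sync(local, cloud, authenticated=True)
    replacement = {}                          # new terminal after loss: empty store
    restore_plan = apply_sync(replacement, cloud, authenticated=True)
    return sync_plan, restore_plan, replacement == cloud
```

Comparing digests of the ciphertext lets the cloud side detect differences without ever holding decrypted credentials, and reporting same-revision mismatches as conflicts avoids one store silently overwriting the other.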
Offline use flow:
When the system is used offline (disconnected from the Internet), it cannot synchronize with the cloud server. At this time the local password data is imported from the password protection terminal hardware, and when the user is detected using a corresponding application, the local password data is called to carry out the related operation.
The specific usage flow is shown in Fig. 8: the password protection terminal has built-in secure storage, and the hardware stores user name and password information; when disconnected from the Internet, the system cannot synchronize with the cloud server, and the local password data is imported from the password protection terminal; when the user is detected using a corresponding application, the local password data is called to carry out the related operation.
Explanation of terms:
Cloud computing: an Internet-based mode of computing in which shared software and hardware resources and information are provided to computers and other devices on demand. The whole operating mode closely resembles the power grid.
Data security: here this refers to the security of the data itself, mainly the active protection of data with modern cryptographic algorithms, such as data confidentiality, data integrity and two-way strong identity authentication.
Biometric identification: also called biometric recognition; the use by a computer of the inherent physiological or behavioural characteristics of the human body to identify a person. Commonly used biometric features include face images, iris, fingerprints, palm prints, voice and handwriting, and many countries study it as a major basic strategic technology. The United States has explicitly required, through legislation, that this technology be adopted in the field of national security. The International Civil Aviation Organization has also recently required its 188 member states and regions to add biometric features to personal passports from the end of 2004 in order to confirm identity.
Password: in Chinese, the common name for a pass word. The "password" entered when logging in to a website or an e-mail account or when withdrawing money at a bank should strictly be called only a pass word, because it is not an "encryption code" in the original sense, although it can also be called a secret number.
In addition to the above embodiments, the present invention may have other embodiments. All technical schemes formed by equivalent replacement or equivalent transformation fall within the scope of protection claimed by the present invention.