CN111597547B - Method and system for password management - Google Patents

Publication number
CN111597547B
Authority
CN
China
Prior art keywords
password
module
state
application
initial
Prior art date
Legal status
Active
Application number
CN202010456387.7A
Other languages
Chinese (zh)
Other versions
CN111597547A (en
Inventor
翟京卿
袁晓静
Current Assignee
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd
Priority to CN202010456387.7A
Publication of CN111597547A
Application granted
Publication of CN111597547B
Legal status: Active
Anticipated expiration

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45: Structures or tools for the administration of authentication
    • G06F21/46: Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method and a system for password management. The method comprises: in response to a password generation request, generating a password, an initial password state and a password mark, where the password mark uniquely corresponds to the password and comprises an encrypted password and an identification mark; acquiring the password application rule of the password corresponding to the password mark; sending the password application rule and the password mark to a tracking module so that the tracking module monitors the password corresponding to the password mark according to the password application rule; and sending the password application rule, the initial password state and the password mark to an analysis module so that the analysis module determines whether the initial password state of the password corresponding to the password mark needs to be changed. The method improves the security and effectiveness of password management.

Description

Method and system for password management

Technical field

The invention relates to the field of communication technology, and in particular to a password management method and system.

Background

As terminals become more intelligent and online business applications grow richer, many everyday needs have gradually migrated online, and users pay increasing attention to application security. When using applications online, users often rely on passwords for login authorization, identity verification or file sharing. Keeping passwords secure is therefore extremely important for keeping applications secure.

It should be noted that ensuring password security means ensuring that a password is used in accordance with its requirements and preventing abnormal use. To rule out abnormal use, the use of a password must be tracked and managed after the password is generated. How to track and manage that use is currently one of the difficult problems in password security; in particular, the current tracking and management process itself has security risks, which results in poor security and effectiveness of password management.

Summary of the invention

To this end, the present invention provides a password management method and system to solve the problem in the prior art that password management has poor security and effectiveness because the use of a password is difficult to track and manage after the password is generated.

To achieve the above object, a first aspect of the present invention provides a password management method, comprising:

in response to a password generation request, generating a password, an initial password state and a password mark, where the password mark uniquely corresponds to the password and comprises an encrypted password and an identification mark;

acquiring the password application rule of the password corresponding to the password mark;

sending the password application rule and the password mark to a tracking module, so that the tracking module monitors the password corresponding to the password mark according to the password application rule;

sending the password application rule, the initial password state and the password mark to an analysis module, so that the analysis module determines whether the initial password state of the password corresponding to the password mark needs to be changed.

Preferably, after the password application rule and the password mark are sent to the tracking module, the method further comprises:

extracting a password count limit from the password application rule;

generating a count-limit label according to the password count limit;

sending the count-limit label to the tracking module.

A second aspect of the present invention provides a password management method, comprising:

receiving a password application rule and a password mark from a password module, where the password mark uniquely corresponds to the password and comprises an encrypted password and an identification mark;

monitoring the password corresponding to the password mark according to the password application rule;

when the password corresponding to the password mark undergoes an application flow, recording the application flow data of the password;

sending the application flow data to an analysis module, so that the analysis module determines, according to the application flow data, whether the initial password state of the password corresponding to the password mark needs to be changed.

Preferably, the step of monitoring the password corresponding to the password mark according to the password application rule comprises:

extracting expected path parameters from the password application rule, the expected path parameters comprising an expected sending address, an expected intermediary address and an expected target address;

monitoring the expected sending address, the expected intermediary address and the expected target address.

A third aspect of the present invention provides a password management method, comprising:

receiving a password mark, a password state and a password application rule from a password module, where the password mark uniquely corresponds to the password and comprises an encrypted password and an identification mark;

receiving application flow data from a tracking module;

determining, according to the application flow data and the password application rule, whether the initial password state of the password corresponding to the password mark needs to be changed;

when the initial password state needs to be changed, generating a password state change request;

sending the password state change request to an execution module, so that the execution module, after changing the initial password state, generates password state change information and sends it to all service nodes.

Preferably, before the application flow data is received from the tracking module, the method further comprises:

extracting a password time limit from the password application rule, the password time limit being the preset lifetime of the password corresponding to the password mark;

obtaining the timed duration of a timer, the timed duration being the current lifetime of the password corresponding to the password mark;

determining whether the timed duration is less than the password time limit;

when the timed duration is not less than the password time limit, generating an initial password state change request and sending it to the execution module, so that the execution module, after changing the initial password state, generates password state change information and sends it to all service nodes.

Preferably, the step of determining, according to the application flow data and the password application rule, whether the initial password state of the password corresponding to the password mark needs to be changed comprises:

extracting expected path parameters from the password application rule, the expected path parameters comprising an expected sending address, an expected intermediary address and an expected target address;

extracting actual path parameters from the application flow data, the actual path parameters comprising an actual sending address, an actual intermediary address and an actual target address;

comparing the actual path parameters with the expected path parameters;

when the expected path parameters do not contain the actual path parameters, extracting a password level from the password application rule, the password levels comprising a first-level password, a second-level password and a third-level password;

when the password level is a first-level password, determining that the initial password state of the password corresponding to the password mark needs to be changed;

when the password level is a second-level password, determining whether the expected intermediary address contains the actual intermediary address and whether the expected target address contains the actual target address; when the expected intermediary address does not contain the actual intermediary address or the expected target address does not contain the actual target address, determining that the initial password state of the password corresponding to the password mark needs to be changed;

when the password level is a third-level password, determining whether the expected target address contains the actual target address; when the expected target address does not contain the actual target address, determining that the initial password state of the password corresponding to the password mark needs to be changed.
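
The two checks described above for the analysis module (the time limit, then the level-dependent path comparison), as an added Python example that is not part of the patent text. The class and function names, the reading of "contains" as set membership, and the sample addresses are assumptions made for illustration.

```python
"""Analysis-module decision sketch (added illustration, not the patent's code)."""
from dataclasses import dataclass, replace
from enum import Enum
from typing import FrozenSet, Optional


class Level(Enum):
    FIRST = 1   # high security requirement: any path deviation counts
    SECOND = 2  # intermediary and target must match
    THIRD = 3   # low security requirement: only the target must match


@dataclass(frozen=True)
class ExpectedPath:
    senders: FrozenSet[str]
    intermediaries: FrozenSet[str]
    targets: FrozenSet[str]


@dataclass(frozen=True)
class ActualPath:
    sender: str
    intermediary: str
    target: str


@dataclass(frozen=True)
class ApplicationRule:
    level: Level
    time_limit_s: float
    expected: ExpectedPath


@dataclass(frozen=True)
class Decision:
    change_state: bool
    reason: str


def lifetime_reached(rule: ApplicationRule, elapsed_s: float) -> bool:
    # The text requests a change when the timed duration is NOT less than
    # the time limit, so the boundary value itself already triggers it.
    return not (elapsed_s < rule.time_limit_s)


def path_violation(rule: ApplicationRule, actual: ActualPath) -> Optional[str]:
    """Return the mismatching hops that matter at this level, or None."""
    exp = rule.expected
    checks = (
        ("sender", actual.sender in exp.senders),
        ("intermediary", actual.intermediary in exp.intermediaries),
        ("target", actual.target in exp.targets),
    )
    mismatched = [name for name, ok in checks if not ok]
    if rule.level is Level.SECOND:
        mismatched = [m for m in mismatched if m != "sender"]
    elif rule.level is Level.THIRD:
        mismatched = [m for m in mismatched if m == "target"]
    return ", ".join(mismatched) or None


def decide(rule: ApplicationRule, elapsed_s: float, actual: ActualPath) -> Decision:
    # The time-limit check comes first: it precedes receipt of flow data.
    if lifetime_reached(rule, elapsed_s):
        return Decision(True, "time limit reached")
    bad = path_violation(rule, actual)
    if bad:
        return Decision(True, "unexpected " + bad)
    return Decision(False, "within rule")


# Constructed sample data (hypothetical addresses, not from the patent).
RULE = ApplicationRule(
    level=Level.FIRST,
    time_limit_s=300,
    expected=ExpectedPath(
        senders=frozenset({"SN-0001"}),
        intermediaries=frozenset({"clipboard"}),
        targets=frozenset({"192.0.2.10"}),
    ),
)
ON_PATH = ActualPath("SN-0001", "clipboard", "192.0.2.10")
OTHER_SENDER = replace(ON_PATH, sender="SN-9999")
VIA_SMS = replace(ON_PATH, intermediary="sms-center")
OTHER_TARGET = replace(ON_PATH, target="192.0.2.77")


def run_samples():
    """Evaluate each constructed flow at every password level."""
    flows = {"on_path": ON_PATH, "other_sender": OTHER_SENDER,
             "via_sms": VIA_SMS, "other_target": OTHER_TARGET}
    return {
        (level.name, name): decide(replace(RULE, level=level), 10, flow).change_state
        for level in Level
        for name, flow in flows.items()
    }


if __name__ == "__main__":
    for key, change in run_samples().items():
        print(key, "->", "change state" if change else "keep state")
```

The same unexpected sender forces a state change for a first-level password but not for a second-level or third-level one, and a detour through an unexpected intermediary is tolerated only at the third level.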

A fourth aspect of the present invention provides a password management system, comprising:

a first password generation module, configured to respond to a password generation request by generating a password, an initial password state and a password mark, where the password mark uniquely corresponds to the password and comprises an encrypted password and an identification mark;

a first password acquisition module, configured to acquire the password application rule of the password corresponding to the password mark;

a first password sending module, configured to send the password application rule and the password mark to a tracking module, so that the tracking module monitors the password corresponding to the password mark according to the password application rule;

a second password sending module, configured to send the password application rule, the initial password state and the password mark to an analysis module, so that the analysis module determines whether the initial password state of the password corresponding to the password mark needs to be changed.

A fifth aspect of the present invention provides a password management system, comprising:

a first tracking receiving module, configured to receive a password application rule and a password mark from a password module, where the password mark uniquely corresponds to the password and comprises an encrypted password and an identification mark;

a first tracking monitoring module, configured to monitor the password corresponding to the password mark according to the password application rule;

a first tracking recording module, configured to record the application flow data of the password;

a first tracking sending module, configured to send the application flow data to an analysis module when the password corresponding to the password mark undergoes an application flow, so that the analysis module determines, according to the application flow data, whether the initial password state of the password corresponding to the password mark needs to be changed.

A sixth aspect of the present invention provides a password management system, comprising:

a first analysis receiving module, configured to receive a password mark, a password state and a password application rule from a password module, where the password mark uniquely corresponds to the password and comprises an encrypted password and an identification mark;

a second analysis receiving module, configured to receive application flow data from a tracking module;

a first analysis decision module, configured to determine, according to the application flow data and the password application rule, whether the initial password state of the password corresponding to the password mark needs to be changed;

a first analysis generation module, configured to generate a password state change request when the initial password state needs to be changed;

a first analysis sending module, configured to send the password state change request to an execution module, so that the execution module, after changing the initial password state, generates password state change information and sends it to all service nodes.

The present invention has the following advantages:

The present invention provides a password management method. The method first responds to a password generation request by generating a password, an initial password state and a password mark. The password mark uniquely corresponds to the password and comprises an encrypted password and an identification mark: the encrypted password ensures that the password is not leaked during password management, and the identification mark ensures the unique correspondence between the password mark and the password, so the password mark improves the security of password management. Next, the method acquires the password application rule of the password corresponding to the password mark and sends the password application rule and the password mark to the tracking module, so that the tracking module monitors the password corresponding to the password mark according to the password application rule. At the same time, it sends the password application rule, the initial password state and the password mark to the analysis module, so that the analysis module determines whether the initial password state of the password corresponding to the password mark needs to be changed, which avoids losses to the user caused by abnormal use of the password. In other words, by using the password mark and the initial password state in the password management process, the method improves the security and effectiveness of password management.

Description of the drawings

The accompanying drawings provide a further understanding of the present invention and form part of the specification. Together with the following specific embodiments they serve to explain the present invention, but they do not limit it.

Fig. 1 is a flowchart of a password management method provided by an embodiment of the present invention;

Fig. 2 is a flowchart of a password management method provided by an embodiment of the present invention;

Fig. 3 is a flowchart of a password management method provided by an embodiment of the present invention;

Fig. 4 is a schematic structural diagram of a password management system provided by an embodiment of the present invention;

Fig. 5 is a schematic structural diagram of a password management system provided by an embodiment of the present invention;

Fig. 6 is a schematic structural diagram of a password management system provided by an embodiment of the present invention;

Fig. 7 is a schematic structural diagram of a password management system provided by an embodiment of the present invention.

In the drawings:

41: first password generation module        42: first password acquisition module
43: first password sending module           44: second password sending module
51: first tracking receiving module         52: first tracking monitoring module
53: first tracking recording module         54: first tracking sending module
61: first analysis receiving module         62: second analysis receiving module
63: first analysis decision module          64: first analysis generation module
65: first analysis sending module           71: password module
72: tracking module                         73: analysis module
74: execution module

Detailed description

Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described here only illustrate and explain the present invention and do not limit it.

As terminals become more intelligent and online business applications grow richer, many everyday needs have gradually migrated online, and users pay increasing attention to application security. When using applications online, users often rely on passwords for login authorization, identity verification or file sharing. Keeping passwords secure is therefore extremely important for keeping applications secure.

It should be noted that ensuring password security means ensuring that a password is used in accordance with its requirements and preventing abnormal use. To rule out abnormal use, the use of a password must be tracked and managed after the password is generated. How to track and manage that use is currently one of the difficult problems in password security; in particular, the current tracking and management process itself has security risks, which results in poor security and effectiveness of password management.

To solve the above problem, this embodiment provides a password management method applied to a password module. As shown in Fig. 1, the method comprises the following steps:

Step S101: in response to a password generation request, generate a password, an initial password state and a password mark.

The password generation request is a request that the password module receives from a third-party application, and it carries a password generation rule.

In one implementation, the password module responds to the password generation request and generates the password, the initial password state and the password mark according to the password generation rule carried in the request. The password generated by the password module may be of different types, such as digits, symbols, graphics and/or text. The initial password state may be set to unused or valid. The password mark uniquely corresponds to the password and comprises an encrypted password and an identification mark. The encrypted password is the ciphertext obtained after the password module encrypts the password, and the identification mark is a mark that uniquely identifies the password. During password management, the password module can send the password mark to other modules, which obtain the unique correspondence between the password mark and the password through the encrypted password and the identification mark contained in the password mark. Moreover, because the encrypted password is the ciphertext of the password, even if a hacker intercepts the password mark while the password module is sending it to another module, the hacker cannot obtain the corresponding password from the password mark. The encrypted password thus ensures that the password is not leaked during password management, and the identification mark ensures the unique correspondence between the password mark and the password. Using the password mark in the password management process therefore avoids the risk of the password being illegally stolen and improves the security of password management.

In another implementation, the password generation request may instead be a request that the password module generates according to its own needs. The password module responds to the password generation request and generates the password, the initial password state and the password mark according to a convention stored in the password module. The password generated by the password module may be of different types, such as digits, symbols, graphics and/or text. The initial password state may be set to unused or valid. The password mark uniquely corresponds to the password and comprises an encrypted password and an identification mark. The encrypted password is the ciphertext obtained after the password module encrypts the password, and the identification mark is a mark that uniquely identifies the password. The identification mark may also indicate the password type and/or the tracking type of the password: the password type includes digits, symbols, graphics and/or text, and the tracking type includes a clipboard type and/or a short message type.

Step S102: acquire the password application rule of the password corresponding to the password mark.

The password application rule is the set of requirements that the password must meet when it is applied. It comprises a password count limit, a password time limit, a password level and/or expected path parameters. The password count limit is a threshold on the number of times the password may be applied in a specific way, and comprises a copy count limit, a paste count limit and/or a use count limit. The password time limit is the preset lifetime of the password. The password level is the security requirement level of the password, usually a first-level password, a second-level password or a third-level password: a first-level password corresponds to a high security requirement, a third-level password corresponds to a low security requirement, and the security requirement of a second-level password lies between the two. The expected path parameters are the address parameters of the service nodes through which the password is expected to flow, and comprise an expected sending address, an expected intermediary address and an expected target address. The expected sending address is the address at which the password mark is generated, and may be a device serial number, an in-network identifier, an Internet Protocol (IP) address or the like. The expected intermediary address is the address of the intermediate storage medium that the password mark is expected to pass through before use, generally the address corresponding to the clipboard or to the short message center. The expected target address is the address to which the password mark is expected to apply, and may be a device serial number, an in-network identifier, an IP address or the like.

Step S103: send the password application rule and the password mark to the tracking module, so that the tracking module monitors the password corresponding to the password mark according to the password application rule.

It should be noted that sending the password mark to the tracking module lets the tracking module obtain the unique correspondence between the password mark and the password through the encrypted password and the identification mark contained in the password mark. Moreover, because the encrypted password is the ciphertext of the password, even if a hacker intercepts the password mark while the password module is sending it to the tracking module, the hacker cannot obtain the corresponding password from the password mark. The encrypted password thus ensures that the password is not leaked during password management, and the identification mark ensures the unique correspondence between the password mark and the password. Using the password mark in the password management process therefore avoids the risk of the password being illegally stolen and improves the security of password management.

In one implementation, after the password application rule and the password mark are sent to the tracking module, and to make it easier for the tracking module to monitor the password corresponding to the password mark according to the password application rule, the password module extracts the password count limit from the acquired password application rule, generates count-limit labels according to the password count limit, and sends the count-limit labels to the tracking module. The password count limit is a threshold on the number of times the password may be applied in a specific way, and comprises a copy count limit, a paste count limit and/or a use count limit. The count-limit labels that the password module generates from it correspondingly comprise a copy label, a paste label and/or a use label, and the initial value of each label is 0.

Step S104: send the password application rules, the initial password state and the password flag to the analysis module, so that the analysis module determines whether the initial password state of the password corresponding to the password flag needs to be changed.

It should be noted that, by sending the password flag to the analysis module, the password module lets the analysis module establish the unique correspondence between the password flag and the password from the encrypted password and the identification mark contained in the flag. Moreover, because the encrypted password is the ciphertext obtained by encrypting the password, a hacker who intercepts the password flag while the password module is sending it to the analysis module cannot obtain the corresponding password from it. The encrypted password thus ensures that the password is not leaked during password management, and the identification mark ensures the unique correspondence between the password flag and the password. Using the password flag in the password management process therefore avoids the risk of the password being illegally stolen and improves the security of password management.

This embodiment provides a password management method applied to the password module. The method first responds to a password generation request by generating a password, an initial password state and a password flag. The password flag corresponds uniquely to the password and contains an encrypted password and an identification mark: the encrypted password ensures that the password is not leaked during password management, and the identification mark ensures the unique correspondence between the password flag and the password, so the password flag improves the security of password management. Next, the method obtains the password application rules of the password corresponding to the password flag. It then sends the password application rules and the password flag to the tracking module, so that the tracking module monitors the password corresponding to the password flag according to the password application rules, and at the same time sends the password application rules, the initial password state and the password flag to the analysis module, so that the analysis module determines whether the initial password state of the password corresponding to the password flag needs to be changed, which avoids user losses caused by abnormal use of the password. In other words, by using the password flag and the initial password state in the password management process, the method improves the security and effectiveness of password management.

This embodiment also provides a password management method applied to the tracking module. As shown in Figure 2, the method includes the following steps:

S201: receive the password application rules and the password flag from the password module.

The password application rules are the requirements that must be met when the password is applied, and include a password count limit, a password time limit, a password level and/or expected path parameters. The password flag contains an encrypted password and an identification mark, where the encrypted password is the ciphertext obtained when the password module encrypts the password, and the identification mark is a mark that uniquely identifies the password.

It should be noted that the tracking module establishes the unique correspondence between the password flag and the password from the encrypted password and the identification mark contained in the flag. Moreover, because the encrypted password is the ciphertext obtained by encrypting the password, a hacker who intercepts the password flag while the tracking module is using it cannot obtain the corresponding password from it. The encrypted password thus ensures that the password is not leaked during password management, and the identification mark ensures the unique correspondence between the password flag and the password. Using the password flag in the password management process therefore avoids the risk of the password being illegally stolen and improves the security of password management.

In one embodiment, the tracking module also receives count-limit labels from the password module. The count-limit labels are generated by the password module so that the tracking module can easily monitor the password corresponding to the password flag, and they include a copy label, a paste label and/or a use label. The initial value of each count-limit label is 0.

S202: monitor the password corresponding to the password flag according to the password application rules.

The password application rules include a password count limit, a password time limit, a password level and/or expected path parameters. In one embodiment, in order to monitor the application flow of the password flag comprehensively, the tracking module monitors the password corresponding to the password flag as follows. First, the tracking module extracts the expected path parameters from the password application rules; these contain an expected sending address, an expected intermediary address and an expected target address. The tracking module then monitors the expected sending address, the expected intermediary address and the expected target address. It should be noted that, because the expected path parameters are the address parameters of the service nodes through which the password is expected to flow, monitoring only the expected sending address, expected intermediary address and expected target address is enough to monitor the application flow of the password flag comprehensively and to carry out password management.

S203: when the password corresponding to the password flag undergoes an application flow, record the application flow data of the password.

The application flow data of the password contains the actual path parameters and/or the current values of the count-limit labels. The actual path parameters are the address parameters of the service nodes through which the password actually flows, and contain an actual sending address, an actual intermediary address and an actual target address. The count-limit labels include a copy label, a paste label and/or a use label.

It should be noted that the count-limit labels let the tracking module easily monitor the password corresponding to the password flag and record the application flow data of the password, which facilitates password management. In one embodiment, the tracking module monitors the password corresponding to the password flag, and when that password is copied for the first time, the tracking module adds 1 to the initial value of the copy label, so that the current value of the copy label recorded by the tracking module is 1.

S204: send the application flow data to the analysis module, so that the analysis module determines from the application flow data whether the initial password state of the password corresponding to the password flag needs to be changed.

This embodiment provides a password management method applied to the tracking module. The method first receives the password application rules and the password flag from the password module. The password flag corresponds uniquely to the password and contains an encrypted password and an identification mark: the encrypted password ensures that the password is not leaked during password management, and the identification mark ensures the unique correspondence between the password flag and the password, so the password flag improves the security of password management. Next, the method monitors the password corresponding to the password flag according to the password application rules and, when that password undergoes an application flow, records the application flow data of the password. Finally, it sends the application flow data to the analysis module, so that the analysis module determines from the application flow data whether the initial password state of the password corresponding to the password flag needs to be changed, which avoids user losses caused by abnormal use of the password. In other words, by using the password flag and the initial password state in the password management process, the method improves the security and effectiveness of password management.

This embodiment also provides a password management method applied to the analysis module. As shown in Figure 3, the method includes the following steps:

Step 301: receive the password flag, the password state and the password application rules from the password module.

The password flag contains an encrypted password and an identification mark, where the encrypted password is the ciphertext obtained when the password module encrypts the password, and the identification mark is a mark that uniquely identifies the password. It should be noted that the analysis module establishes the unique correspondence between the password flag and the password from the encrypted password and the identification mark contained in the flag. Moreover, because the encrypted password is the ciphertext obtained by encrypting the password, a hacker who intercepts the password flag while the analysis module is using it cannot obtain the corresponding password from it. The encrypted password thus ensures that the password is not leaked during password management, and the identification mark ensures the unique correspondence between the password flag and the password. Using the password flag in the password management process therefore avoids the risk of the password being illegally stolen and improves the security of password management.

The initial password state is the unused state or the valid state.

The password application rules are the requirements that must be met when the password is applied, and include a password count limit, a password time limit, a password level and/or expected path parameters.

In one embodiment, after receiving the password flag, the password state and the password application rules from the password module, and before performing any subsequent analysis, the analysis module must first determine whether the current lifetime of the password corresponding to the password flag has exceeded the password time limit. The specific steps are as follows:

First, the analysis module extracts the password time limit from the password application rules. The password time limit is the preset lifetime of the password corresponding to the password flag.

Second, the analysis module obtains the elapsed time of the timer. The timer is created in the password module together with the password, and its elapsed time is the current lifetime of the password corresponding to the password flag.

Then the analysis module determines whether the elapsed time is less than the password time limit. When the elapsed time is less than the password time limit, the current lifetime of the password flag has not exceeded the preset lifetime, the password corresponding to the password flag can continue to be used, and the initial password state of that password does not need to be changed. When the elapsed time is not less than the password time limit, the current lifetime of the password corresponding to the password flag has exceeded the preset lifetime, and to avoid the risk of the password being illegally stolen the password can no longer be used. The analysis module therefore generates a password state change request, which requests that the initial password state of the password corresponding to the password flag be changed to the invalid state.

Finally, the analysis module sends the password state change request to the execution module, so that the execution module, after changing the password state, generates password state change information and sends it to all service nodes. All service nodes means the password module, the tracking module, the analysis module, and the service nodes corresponding to the expected sending address, expected intermediary address and expected target address contained in the expected path parameters.

By determining whether the current lifetime of the password flag has exceeded the password time limit, the analysis module avoids the risk of an expired password being illegally stolen. When the current lifetime of the password corresponding to the password flag has not exceeded the password time limit, the analysis module can continue with the subsequent analysis.

Step 302: receive the application flow data from the tracking module.

The application flow data contains the actual path parameters and/or the current values of the count-limit labels. The actual path parameters are the address parameters of the service nodes through which the password actually flows, and contain an actual sending address, an actual intermediary address and an actual target address. The count-limit labels include a copy label, a paste label and/or a use label.

Step 303: determine, from the application flow data and the password application rules, whether the initial password state of the password corresponding to the password flag needs to be changed.

The initial password state is the unused state or the valid state. The password application rules are the requirements that must be met when the password is applied, and include a password count limit, a password time limit, a password level and/or expected path parameters. By determining in a timely manner whether the initial password state of the password corresponding to the password flag needs to be changed, the analysis module ensures that an expired password cannot continue to be used during the application flow, which effectively avoids the risk of the password being illegally stolen and improves the security and effectiveness of password management.

In one embodiment, the step in which the analysis module determines, from the application flow data and the password application rules, whether the initial password state of the password corresponding to the password flag needs to be changed includes:

In the first step, the password count limit is extracted from the password application rules, and the current values of the count-limit labels are extracted from the application flow data.

The password count limit includes a copy limit, a paste limit and/or a use limit; the count-limit labels include a copy label, a paste label and/or a use label. In one embodiment, the analysis module extracts the copy limit, paste limit and/or use limit, and the current values of the copy label, paste label and/or use label, respectively.

In the second step, when the current values of the count-limit labels meet a preset condition, it is determined that the initial password state needs to be changed. The initial password state is the unused state or the valid state. The preset condition covers three cases. In the first case, the current value of the copy label does not exceed the corresponding copy limit, the current value of the paste label is 0 and the current value of the use label is 1; this indicates that the password corresponding to the password flag has been used for the first time, so the initial password state needs to be changed from the unused state to the used state. In the second case, the current value of the copy label does not exceed the corresponding copy limit, the current value of the paste label is 1 and the current value of the use label is 0; this indicates that the password corresponding to the password flag has been pasted for the first time, so the password state needs to be changed from the unused state to the used state. In the third case, the current value of the paste label equals the paste limit or the current value of the use label equals the use limit; this indicates that the password corresponding to the password flag has reached its usage limit, so the password state needs to be changed to the invalid state.

In the third step, the expected path parameters are extracted from the password application rules, and the actual path parameters are extracted from the application flow data. The expected path parameters contain an expected sending address, an expected intermediary address and an expected target address. The actual path parameters contain an actual sending address, an actual intermediary address and an actual target address.

In the fourth step, the actual path parameters are compared with the expected path parameters. When the expected path parameters contain the actual path parameters, the password corresponding to the password flag is in a normal application flow, and nothing needs to be done to the initial password state of that password.

In the fifth step, when the expected path parameters do not contain the actual path parameters, the password level is extracted from the password application rules. The password level is a first-level, second-level or third-level password. It should be noted that passwords of different levels correspond to different levels of security requirement. Therefore, when the expected path parameters do not contain the actual path parameters, deciding according to the password level contained in the password flag whether the initial password state of the corresponding password needs to be changed balances the security of the password during the application flow against its efficiency of use.

In the fifth step, when the password level is a first-level password, it is determined that the initial password state needs to be changed. It should be noted that a first-level password corresponds to the highest security requirement. To avoid as far as possible the risk of the password corresponding to the password flag being illegally stolen, whenever the expected path parameters do not contain the actual path parameters, the analysis module considers that the initial password state of that password needs to be changed to the invalid state, so as to ensure the security of the password during the application flow.

In the sixth step, when the password level is a second-level password, the analysis module determines whether the expected intermediary address contains the actual intermediary address and whether the expected target address contains the actual target address. When the analysis module determines that the expected intermediary address does not contain the actual intermediary address, or that the expected target address does not contain the actual target address, it is determined that the initial password state needs to be changed.

In the seventh step, when the password level is a third-level password, it is determined whether the expected target address contains the actual target address, and when the expected target address does not contain the actual target address, it is determined that the password state needs to be changed. It should be noted that a third-level password corresponds to a low security requirement. To improve the efficiency of password use, as long as the expected target address contains the actual target address, the analysis module considers the password corresponding to the password flag to be in a normal application flow; only when the expected target address does not contain the actual target address does the analysis module consider that the initial password state of that password needs to be changed to the invalid state.

It should be noted that, among the steps above, the first and second steps have no required ordering relative to the third to seventh steps. When the received application flow data contains only the current values of the count-limit labels, only the first and second steps need be performed; when the received application flow data contains only the actual path parameters, only the third to seventh steps need be performed.
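The time-limit pre-check and the seven-step decision described above, written out as an added Python example (not code from the patent). The field names, the sample addresses, the reading of "contains" as set membership, letting the exhaustion case win over the two first-use cases, and mapping a second-level mismatch to the invalid state are all assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class State(Enum):
    UNUSED = "unused"
    VALID = "valid"
    USED = "used"
    INVALID = "invalid"


@dataclass(frozen=True)
class Rules:
    """Password application rules (field names are assumptions)."""
    copy_limit: int
    paste_limit: int
    use_limit: int
    time_limit_s: float
    level: int                       # 1 = highest security requirement, 3 = lowest
    expected_senders: frozenset
    expected_intermediaries: frozenset
    expected_targets: frozenset


@dataclass(frozen=True)
class FlowData:
    """Application flow data from the tracking module; None means "not reported"."""
    copy: Optional[int] = None
    paste: Optional[int] = None
    use: Optional[int] = None
    sender: Optional[str] = None
    intermediary: Optional[str] = None
    target: Optional[str] = None


def check_lifetime(rules, elapsed_s):
    """Pre-check: the password stays usable only while elapsed < time limit."""
    return None if elapsed_s < rules.time_limit_s else State.INVALID


def check_counts(rules, state, flow):
    """Steps 1-2: compare the count-limit label values with the count limits."""
    if None in (flow.copy, flow.paste, flow.use):
        return None
    # Case 3 (assumed to take precedence): a limit has been reached.
    if flow.paste == rules.paste_limit or flow.use == rules.use_limit:
        return State.INVALID
    # Cases 1 and 2: first use or first paste moves unused -> used.
    first = (flow.paste, flow.use) in {(0, 1), (1, 0)}
    if state is State.UNUSED and flow.copy <= rules.copy_limit and first:
        return State.USED
    return None


def check_path(rules, flow):
    """Steps 3-7: compare actual and expected path, graded by password level."""
    if None in (flow.sender, flow.intermediary, flow.target):
        return None
    sender_ok = flow.sender in rules.expected_senders
    mid_ok = flow.intermediary in rules.expected_intermediaries
    target_ok = flow.target in rules.expected_targets
    if sender_ok and mid_ok and target_ok:
        return None                  # step 4: normal application flow
    if rules.level == 1:             # any deviation invalidates
        return State.INVALID
    if rules.level == 2:             # intermediary and target must both match
        return None if (mid_ok and target_ok) else State.INVALID
    return None if target_ok else State.INVALID   # level 3: target only


def decide(rules, state, flow, elapsed_s):
    """Return the state to request from the execution module, or None."""
    if state is State.INVALID:
        return None
    if check_lifetime(rules, elapsed_s) is State.INVALID:
        return State.INVALID
    results = {check_counts(rules, state, flow), check_path(rules, flow)}
    if State.INVALID in results:     # assumption: the stricter outcome wins
        return State.INVALID
    return State.USED if State.USED in results else None


def sample_rules(level):
    """Constructed sample rules; the addresses are placeholders."""
    return Rules(3, 3, 2, 300.0, level, frozenset({"dev-A"}),
                 frozenset({"clipboard"}), frozenset({"app-B"}))
```
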

Step 304: when the initial password state needs to be changed, generate a password state change request.

The password state change request contains the password flag and the state to be changed to.

Step 305: send the password state change request to the execution module, so that the execution module, after changing the initial password state, generates password state change information and sends it to all service nodes.

The password state change information contains the password flag and the changed password state. All service nodes means the password module, the tracking module, the analysis module, and the service nodes corresponding to the expected sending address, expected intermediary address and expected target address contained in the expected path parameters.

This embodiment provides a password management method applied to the analysis module. The method first receives the password flag, the password state and the password application rules from the password module. The password flag corresponds uniquely to the password and contains an encrypted password and an identification mark: the encrypted password ensures that the password is not leaked during password management, and the identification mark ensures the unique correspondence between the password flag and the password, so the password flag improves the security of password management. Next, the method receives the application flow data from the tracking module. It then determines, from the application flow data and the password application rules, whether the initial password state of the password corresponding to the password flag needs to be changed, and generates a password state change request when it does. Finally, it sends the password state change request to the execution module, so that the execution module, after changing the initial password state, generates password state change information and sends it to all service nodes, which avoids user losses caused by abnormal use of the password. In other words, by using the password flag and the initial password state in the password management process, the method improves the security and effectiveness of password management.

This embodiment also provides a password management system applied to the password module. As shown in Figure 4, the system includes a first password generation module 41, a first password acquisition module 42, a first password sending module 43 and a second password sending module 44.

The first password generation module 41 is configured to respond to a password generation request by generating a password, an initial password state and a password flag. The password generation request is a request that the password module receives from a third-party application, and it carries a password generation rule.

In one embodiment, the first password generation module 41 responds to the password generation request and generates the password, the initial password state and the password flag according to the password generation rule carried in the request. The password generated by the password module may be of different types, such as digits, symbols, graphics and/or text. The initial password state may be set to the unused state or the valid state. The password flag corresponds uniquely to the password and contains an encrypted password and an identification mark, where the encrypted password is the ciphertext obtained when the password module encrypts the password, and the identification mark is a mark that uniquely identifies the password. During password management, the password module can send the password flag to other modules, so that those modules establish the unique correspondence between the password flag and the password from the encrypted password and the identification mark contained in the flag. Moreover, because the encrypted password is the ciphertext obtained by encrypting the password, a hacker who intercepts the password flag while the password module is sending it to other modules cannot obtain the corresponding password from it. The encrypted password thus ensures that the password is not leaked during password management, and the identification mark ensures the unique correspondence between the password flag and the password. Using the password flag in the password management process therefore avoids the risk of the password being illegally stolen and improves the security of password management.

In another embodiment, the password generation request may instead be a request that the password module generates according to its own needs. The first password generation module 41 responds to this request and generates the password, the initial password state and the password flag according to a convention stored in the password module. The password generated by the password module may be of different types, such as digits, symbols, graphics and/or text. The initial password state may be set to the unused state or the valid state. The password flag corresponds uniquely to the password and contains an encrypted password and an identification mark. The encrypted password is the ciphertext obtained when the password module encrypts the password, and the identification mark is a mark that uniquely identifies the password. The identification mark can also indicate the password type and/or the tracking type of the password: the password type includes digits, symbols, graphics and/or text, and the tracking type includes a clipboard type and/or an SMS type.

The first password acquisition module 42 is configured to acquire the password application rules of the password corresponding to the password flag. The password application rules are the requirements that must be met when the password is applied. They include a password count limit, a password time limit, a password level and/or expected path parameters. The password count limit is a threshold on the number of times the password may be applied, and includes a copy limit, a paste limit and/or a use limit. The password time limit is the preset lifetime of the password. The password level is the security requirement level of the password, usually first-level, second-level or third-level: a first-level password corresponds to a high security requirement, a third-level password corresponds to a low security requirement, and the security requirement of a second-level password lies between the two. The expected path parameters are the address parameters of the service nodes through which the password is expected to flow, and include an expected sending address, an expected intermediary address and an expected target address. The expected sending address is the address at which the password flag is generated, and may be a device serial number, an intranet identifier, an Internet Protocol (IP) address or the like. The expected intermediary address is the address of the intermediate storage medium that the password flag is expected to pass through before use, generally the address of the clipboard or of the SMS center. The expected target address is the address at which the password flag is expected to be used, and may be a device serial number, an intranet identifier, an IP address or the like.

The first password sending module 43 is configured to send the password application rules and the password flag to the tracking module, so that the tracking module monitors the password corresponding to the password flag according to the password application rules.

It should be noted that, when the first password sending module 43 sends the password flag to the tracking module, the tracking module can obtain the unique correspondence between the password flag and the password through the encrypted password and the identification mark contained in the flag. Moreover, because the encrypted password is the ciphertext of the password, even if a hacker intercepts the password flag while the password module is sending it to the tracking module, the hacker cannot obtain the corresponding password from the flag. The encrypted password therefore ensures that the password is not leaked during password management, and the identification mark ensures the unique correspondence between the password flag and the password. Using the password flag in the password management process thus avoids the risk of the password being illegally stolen and improves the security of password management.

In one embodiment, after the first password sending module 43 sends the password application rules and the password flag to the tracking module, the password module is further provided with a first password extraction module and a second password generation module, so that the tracking module can more easily monitor the password corresponding to the password flag according to the password application rules. The first password extraction module extracts the password count limit from the acquired password application rules, the second password generation module then generates count-limit tags according to the password count limit, and finally the first password sending module 43 sends the count-limit tags to the tracking module. It should be noted that the password count limit is a threshold on the number of times the password may be applied, and includes a copy limit, a paste limit and/or a use limit. The count-limit tags that the password module generates from the password count limit correspondingly include a copy tag, a paste tag and/or a use tag, and the initial value of each of these tags is 0.

The second password sending module 44 is configured to send the password application rules, the initial password state and the password flag to the analysis module, so that the analysis module determines whether the initial password state of the password corresponding to the password flag needs to be changed.

It should be noted that, when the second password sending module 44 sends the password flag to the analysis module, the analysis module can obtain the unique correspondence between the password flag and the password through the encrypted password and the identification mark contained in the flag. Moreover, because the encrypted password is the ciphertext of the password, even if a hacker intercepts the password flag while the password module is sending it to the analysis module, the hacker cannot obtain the corresponding password from the flag. The encrypted password therefore ensures that the password is not leaked during password management, and the identification mark ensures the unique correspondence between the password flag and the password. Using the password flag in the password management process thus avoids the risk of the password being illegally stolen and improves the security of password management.

The way each module works in the password management system applied to the password module provided in this embodiment corresponds to the steps of the password management method applied to the password module. For the detailed operation of each module in this system, refer to the password management method applied to the password module provided in this embodiment.

It should also be noted that the modules in the password management system applied to the password module provided in this embodiment are logical modules, and their physical carrier is not limited. When the modules reside on different physical carriers, they can work in coordination to implement password management.

This embodiment provides a password management system applied to the password module. First, the first password generation module 41 responds to a password generation request and generates a password, an initial password state and a password flag. The password flag corresponds uniquely to the password and contains an encrypted password and an identification mark: the encrypted password ensures that the password is not leaked during password management, and the identification mark ensures the unique correspondence between the password flag and the password, so the password flag improves the security of password management. Next, the first password acquisition module 42 acquires the password application rules of the password corresponding to the password flag. The first password sending module 43 then sends the password application rules and the password flag to the tracking module, so that the tracking module monitors the password corresponding to the password flag according to the password application rules. At the same time, the second password sending module 44 sends the password application rules, the initial password state and the password flag to the analysis module, so that the analysis module determines whether the initial password state of the password corresponding to the password flag needs to be changed, which avoids user losses caused by abnormal use of the password. In other words, the system improves the security and effectiveness of password management by using the password flag and the initial password state in the password management process.

This embodiment also provides a password management system applied to the tracking module. As shown in FIG. 5, the system includes a first tracking receiving module 51, a first tracking monitoring module 52, a first tracking recording module 53 and a first tracking sending module 54.

The first tracking receiving module 51 is configured to receive the password application rules and the password flag from the password module. The password application rules are the requirements that must be met when the password is applied, and include a password count limit, a password time limit, a password level and/or expected path parameters. The password flag contains an encrypted password and an identification mark: the encrypted password is the ciphertext obtained after the password module encrypts the password, and the identification mark is a mark that uniquely identifies the password.

It should be noted that the first tracking receiving module 51 obtains the unique correspondence between the password flag and the password through the encrypted password and the identification mark contained in the flag. Moreover, because the encrypted password is the ciphertext of the password, even if a hacker intercepts the password flag while the tracking module is using it, the hacker cannot obtain the corresponding password from the flag. The encrypted password therefore ensures that the password is not leaked during password management, and the identification mark ensures the unique correspondence between the password flag and the password. Using the password flag in the password management process thus avoids the risk of the password being illegally stolen and improves the security of password management.

In one embodiment, the first tracking receiving module 51 also receives count-limit tags from the password module. The count-limit tags are generated by the password module to make it easier for the tracking module to monitor the password corresponding to the password flag, and include a copy tag, a paste tag and/or a use tag. The initial value of each count-limit tag is 0.

The first tracking monitoring module 52 is configured to monitor the password corresponding to the password flag according to the password application rules. The password application rules include a password count limit, a password time limit, a password level and/or expected path parameters. In one embodiment, in order to monitor the application flow of the password flag comprehensively, the first tracking monitoring module 52 further includes a first tracking extraction submodule and a first tracking monitoring submodule. First, the first tracking extraction submodule extracts the expected path parameters from the password application rules; these parameters include the expected sending address, the expected intermediary address and the expected target address. Then, the first tracking monitoring submodule monitors the expected sending address, the expected intermediary address and the expected target address. It should be noted that, because the expected path parameters are the address parameters of the service nodes through which the password is expected to flow, the first tracking monitoring module 52 only needs to monitor the expected sending address, the expected intermediary address and the expected target address in the expected path parameters in order to monitor the application flow of the password flag comprehensively and carry out password management.

The first tracking recording module 53 is configured to record the application flow data of the password when an application flow of the password corresponding to the password flag occurs. The application flow data of the password includes actual path parameters and/or the current values of the count-limit tags. The actual path parameters are the address parameters of the service nodes through which the password actually flows, and include an actual sending address, an actual intermediary address and an actual target address. The count-limit tags include a copy tag, a paste tag and/or a use tag.

It should be noted that the count-limit tags allow the first tracking recording module 53 to record the application flow data of the password easily, which facilitates password management. In one embodiment, when the password corresponding to the password flag is copied for the first time, the first tracking recording module 53 adds 1 to the initial value of the copy tag, so the current value of the copy tag recorded by the first tracking recording module 53 is 1.

The first tracking sending module 54 is configured to send the application flow data to the analysis module, so that the analysis module determines, according to the application flow data, whether the initial password state of the password corresponding to the password flag needs to be changed.

The way each module works in the password management system applied to the tracking module provided in this embodiment corresponds to the steps of the password management method applied to the tracking module. For the detailed operation of each module in this system, refer to the password management method applied to the tracking module provided in this embodiment.

It should also be noted that the modules in the password management system applied to the tracking module provided in this embodiment are logical modules, and their physical carrier is not limited. When the modules reside on different physical carriers, they can work in coordination to implement password management.

This embodiment provides a password management system applied to the tracking module. First, the first password generation module 41 receives the password application rules and the password flag from the password module. The password flag corresponds uniquely to the password and contains an encrypted password and an identification mark: the encrypted password ensures that the password is not leaked during password management, and the identification mark ensures the unique correspondence between the password flag and the password, so the password flag improves the security of password management. Next, the first password acquisition module 42 monitors the password corresponding to the password flag according to the password application rules, and when an application flow of that password occurs, the first password sending module 43 records the application flow data of the password. Finally, the second password sending module 44 sends the application flow data to the analysis module, so that the analysis module determines, according to the application flow data, whether the initial password state of the password corresponding to the password flag needs to be changed, which avoids user losses caused by abnormal use of the password. In other words, the system improves the security and effectiveness of password management by using the password flag and the initial password state in the password management process.

This embodiment also provides a password management system applied to the analysis module. As shown in FIG. 6, the system includes a first analysis receiving module 61, a second analysis receiving module 62, a first analysis decision module 63, a first analysis generation module 64 and a first analysis sending module 65.

The first analysis receiving module 61 is configured to receive the password flag, the password state and the password application rules from the password module. The password flag contains an encrypted password and an identification mark: the encrypted password is the ciphertext obtained after the password module encrypts the password, and the identification mark is a mark that uniquely identifies the password. It should be noted that the first analysis receiving module 61 obtains the unique correspondence between the password flag and the password through the encrypted password and the identification mark contained in the flag. Moreover, because the encrypted password is the ciphertext of the password, even if a hacker intercepts the password flag while the first analysis receiving module 61 is receiving it, the hacker cannot obtain the corresponding password from the flag. The encrypted password therefore ensures that the password is not leaked during password management, and the identification mark ensures the unique correspondence between the password flag and the password. Using the password flag in the password management process thus avoids the risk of the password being illegally stolen and improves the security of password management. The initial password state is an unused state or a valid state. The password application rules are the requirements that must be met when the password is applied, and include a password count limit, a password time limit, a password level and/or expected path parameters.

In one embodiment, the system further includes a first analysis extraction module, a first analysis acquisition module, a second analysis decision module, a second analysis generation module and a second analysis sending module. After the first analysis receiving module 61 receives the password flag, the password state and the password application rules from the password module, it is necessary to judge whether the current lifetime of the password corresponding to the password flag has exceeded the password time limit. Specifically: first, the first analysis extraction module extracts the password time limit from the password application rules, where the password time limit is the preset lifetime of the password corresponding to the password flag. Second, the first analysis acquisition module acquires the elapsed time of a timer, where the timer is generated in the password module together with the password and the password flag, and the elapsed time is the current lifetime of the password corresponding to the password flag. Then, the analysis module judges whether the elapsed time is less than the password time limit. When the elapsed time is less than the password time limit, the current lifetime of the password flag has not exceeded the preset lifetime, the password corresponding to the password flag can continue to be used, and the initial password state of that password does not need to be changed. When the elapsed time is not less than the password time limit, the current lifetime of the password corresponding to the password flag has exceeded the preset lifetime and, to avoid the risk of the password being illegally stolen, the password can no longer be used. The second analysis generation module therefore generates a password state change request, which requests that the initial password state of the password corresponding to the password flag be changed to an invalid state. Finally, the second analysis sending module sends the password state change request to the execution module, so that the execution module, after changing the password state, generates password state change information and sends it to all service nodes. All service nodes include the password module, the tracking module, the analysis module and the service nodes corresponding to the expected sending address, the expected intermediary address and the expected target address contained in the expected path parameters. It should be noted that, by judging whether the current lifetime of the password flag has exceeded the password time limit, the system avoids the risk of an expired password flag being illegally stolen.

The second analysis receiving module 62 is configured to receive the application flow data from the tracking module. The application flow data includes actual path parameters and/or the current values of the count-limit tags. The actual path parameters are the address parameters of the service nodes through which the password actually flows, and include an actual sending address, an actual intermediary address and an actual target address. The count-limit tags include a copy tag, a paste tag and/or a use tag.

The first analysis decision module 63 is configured to determine, according to the application flow data and the password application rules, whether the initial password state of the password corresponding to the password flag needs to be changed. The initial password state is an unused state or a valid state. The password application rules are the requirements that must be met when the password is applied, and include a password count limit, a password time limit, a password level and/or expected path parameters. Because the first analysis decision module 63 determines in a timely manner whether the initial password state needs to be changed, an expired password cannot remain usable during the application flow of the password corresponding to the password flag. This effectively avoids the risk of the password being illegally stolen and improves the security and effectiveness of password management.

The first analysis generation module 64 is configured to generate a password state change request when the initial password state needs to be changed. The password state change request contains the password flag and the state to be changed to.

The first analysis sending module 65 is configured to send the password state change request to the execution module, so that the execution module, after changing the initial password state, generates password state change information and sends it to all service nodes. The password state change information contains the password flag and the changed password state. All service nodes include the password module, the tracking module, the analysis module and the service nodes corresponding to the expected sending address, the expected intermediary address and the expected target address contained in the expected path parameters.

The way each module works in the password management system applied to the analysis module provided in this embodiment corresponds to the steps of the password management method applied to the analysis module. For the detailed operation of each module in this system, refer to the password management method applied to the analysis module provided in this embodiment.

It should also be noted that the modules in the password management system applied to the analysis module provided in this embodiment are logical modules, and their physical carrier is not limited. When the modules reside on different physical carriers, they can work in coordination to implement password management.

This embodiment provides a password management system applied to the analysis module. First, the first analysis receiving module 61 receives the password flag, the password state and the password application rules from the password module. The password flag corresponds uniquely to the password and contains an encrypted password and an identification mark: the encrypted password ensures that the password is not leaked during password management, and the identification mark ensures the unique correspondence between the password flag and the password, so the password flag improves the security of password management. Next, the second analysis receiving module 62 receives the application flow data from the tracking module. Then, the first analysis decision module 63 determines, according to the application flow data and the password application rules, whether the initial password state of the password corresponding to the password flag needs to be changed, and when it does, the first analysis generation module 64 generates a password state change request. Finally, the first analysis sending module 65 sends the password state change request to the execution module, so that the execution module, after changing the initial password state, generates password state change information and sends it to all service nodes, which avoids user losses caused by abnormal use of the password. In other words, the system improves the security and effectiveness of password management by using the password flag and the initial password state in the password management process.

This embodiment also provides a password management system. As shown in FIG. 7, the system includes a password module 71, a tracking module 72, an analysis module 73 and an execution module 74.

The password module 71 includes the first password generation module 41, the first password acquisition module 42, the first password sending module 43 and the second password sending module 44 described above.

The tracking module 72 includes the first tracking receiving module 51, the first tracking monitoring module 52, the first tracking recording module 53 and the first tracking sending module 54 described above.

分析模块73包含上述第一分析接收模块61、第二分析接收模块62、第一分析决策模块63、第一分析生成模块64和第一分析发送模块65。The analysis module 73 includes the first analysis receiving module 61 , the second analysis receiving module 62 , the first analysis decision module 63 , the first analysis generation module 64 and the first analysis sending module 65 .

The execution module 74 includes an execution receiving module, an execution changing module, an execution generating module and an execution sending module. In one embodiment, the execution receiving module is used to receive the password state change request from the analysis module 73, the password state change request containing the password flag and the state to be changed to; the execution changing module is used to respond to the password state change request by changing the initial password state of the password corresponding to the password flag; the execution generating module is used to generate password state change information, which contains the password flag and the changed password state; and the execution sending module is used to send the password state change information to all service nodes, so that all service nodes synchronize the changed password state of the password corresponding to the password flag, avoiding user losses caused by abnormal use of the password and improving the security and effectiveness of password management.

After the password module 71, the tracking module 72 and the analysis module 73 receive the password state change information from the execution module 74, each of them synchronizes the password state corresponding to the password flag to the changed password state. It should be noted that when the changed password state is the invalid state, the tracking module 72 ends the tracking of the password corresponding to the password flag.

It should also be noted that the modules involved in the password management system provided by this embodiment are logical modules, and their physical carriers are not limited. When the modules belong to different physical carriers, the modules can be linked with one another to implement password management.

It can be understood that the above embodiments are merely exemplary embodiments adopted to illustrate the principle of the present invention, and the present invention is not limited thereto. Those of ordinary skill in the art can make various modifications and improvements without departing from the spirit and essence of the present invention, and these modifications and improvements are also regarded as falling within the protection scope of the present invention.

Claims (10)

1. A method for password management, characterized in that the method comprises:
in response to a password generation request, generating a password, an initial password state and a password flag; the password flag uniquely corresponds to the password; the password flag comprises an encrypted password and an identification mark; wherein the initial password state is an unused state or a valid state, the identification mark is a mark that uniquely identifies the password, and the encrypted password is the ciphertext obtained by encrypting the password;
obtaining the password application rules of the password corresponding to the password flag, the password application rules indicating the requirements that must be met when the password corresponding to the password flag is applied, the password application rules comprising: a password count limit, a password time limit, a password level and/or expected path parameters;
sending the password application rules and the password flag to a tracking module, so that the tracking module monitors the password corresponding to the password flag according to the password application rules;
sending the password application rules, the initial password state and the password flag to an analysis module, so that the analysis module determines whether the initial password state of the password corresponding to the password flag needs to be changed.

2. The method according to claim 1, characterized in that, after sending the password application rules and the password flag to the tracking module, the method further comprises:
extracting the password count limit from the password application rules;
generating a count-limit tag according to the password count limit;
sending the count-limit tag to the tracking module.

3. A method for password management, characterized in that the method comprises:
receiving password application rules and a password flag from a password module; the password flag uniquely corresponds to the password; the password flag comprises an encrypted password and an identification mark; wherein the identification mark is a mark that uniquely identifies the password, and the encrypted password is the ciphertext obtained by encrypting the password;
monitoring the password corresponding to the password flag according to the password application rules, the password application rules indicating the requirements that must be met when the password corresponding to the password flag is applied, the password application rules comprising: a password count limit, a password time limit, a password level and/or expected path parameters;
when an application flow of the password corresponding to the password flag occurs, recording the application flow data of the password;
sending the application flow data to an analysis module, so that the analysis module determines, according to the application flow data, whether the initial password state of the password corresponding to the password flag needs to be changed, the initial password state being an unused state or a valid state.

4. The method according to claim 3, characterized in that the step of monitoring the password corresponding to the password flag according to the password application rules comprises:
extracting expected path parameters from the password application rules; the expected path parameters comprise an expected sending address, an expected intermediary address and an expected target address;
monitoring the expected sending address, the expected intermediary address and the expected target address.

5. A method for password management, characterized in that the method comprises:
receiving a password flag, a password state and password application rules from a password module; the password flag uniquely corresponds to the password; the password flag comprises an encrypted password and an identification mark; wherein the identification mark is a mark that uniquely identifies the password, and the encrypted password is the ciphertext obtained by encrypting the password; the password application rules indicate the requirements that must be met when the password corresponding to the password flag is applied, the password application rules comprising: a password count limit, a password time limit, a password level and/or expected path parameters;
receiving application flow data from a tracking module;
determining, according to the application flow data and the password application rules, whether the initial password state of the password corresponding to the password flag needs to be changed; the initial password state is an unused state or a valid state;
when the initial password state needs to be changed, generating a password state change request;
sending the password state change request to an execution module, so that the execution module, after changing the initial password state, generates and sends password state change information to all service nodes.

6. The method according to claim 5, characterized in that, before receiving the application flow data from the tracking module, the method further comprises:
extracting the password time limit from the password application rules; the password time limit is the preset lifetime of the password corresponding to the password flag;
obtaining the elapsed time of a timer; the elapsed time is the current lifetime of the password corresponding to the password flag;
judging whether the elapsed time is less than the password time limit;
when the elapsed time is not less than the password time limit, generating an initial password state change request and sending the initial password state change request to the execution module, so that the execution module, after changing the initial password state, generates and sends password state change information to all service nodes.

7. The method according to claim 5, characterized in that the step of determining, according to the application flow data and the password application rules, whether the initial password state of the password corresponding to the password flag needs to be changed comprises:
extracting expected path parameters from the password application rules; the expected path parameters comprise an expected sending address, an expected intermediary address and an expected target address;
extracting actual path parameters from the application flow data; the actual path parameters comprise an actual sending address, an actual intermediary address and an actual target address;
comparing the actual path parameters with the expected path parameters;
when the expected path parameters do not contain the actual path parameters, extracting the password level from the password application rules; the password level comprises a first-level password, a second-level password and a third-level password;
when the password level is a first-level password, determining that the initial password state of the password corresponding to the password flag needs to be changed;
when the password level is a second-level password, judging whether the expected intermediary address contains the actual intermediary address and whether the expected target address contains the actual target address; when it is judged that the expected intermediary address does not contain the actual intermediary address or the expected target address does not contain the actual target address, determining that the initial password state of the password corresponding to the password flag needs to be changed;
when the password level is a third-level password, judging whether the expected target address contains the actual target address; when the expected target address does not contain the actual target address, determining that the initial password state of the password corresponding to the password flag needs to be changed.

8. A system for password management, characterized in that the system comprises:
a first password generation module, used to generate, in response to a password generation request, a password, an initial password state and a password flag; the password flag uniquely corresponds to the password; the password flag comprises an encrypted password and an identification mark; wherein the initial password state is an unused state or a valid state, the identification mark is a mark that uniquely identifies the password, and the encrypted password is the ciphertext obtained by encrypting the password;
a first password acquisition module, used to obtain the password application rules of the password corresponding to the password flag, the password application rules indicating the requirements that must be met when the password corresponding to the password flag is applied, the password application rules comprising: a password count limit, a password time limit, a password level and/or expected path parameters;
a first password sending module, used to send the password application rules and the password flag to a tracking module, so that the tracking module monitors the password corresponding to the password flag according to the password application rules;
a second password sending module, used to send the password application rules, the initial password state and the password flag to an analysis module, so that the analysis module determines whether the initial password state of the password corresponding to the password flag needs to be changed.

9. A system for password management, characterized in that the system comprises:
a first tracking receiving module, used to receive password application rules and a password flag from a password module; the password flag uniquely corresponds to the password; the password flag comprises an encrypted password and an identification mark; wherein the identification mark is a mark that uniquely identifies the password, and the encrypted password is the ciphertext obtained by encrypting the password;
a first tracking monitoring module, used to monitor the password corresponding to the password flag according to the password application rules; the password application rules indicate the requirements that must be met when the password corresponding to the password flag is applied, the password application rules comprising: a password count limit, a password time limit, a password level and/or expected path parameters;
a first tracking recording module, used to record the application flow data of the password;
a first tracking sending module, used to send the application flow data to an analysis module when an application flow of the password corresponding to the password flag occurs, so that the analysis module determines, according to the application flow data, whether the initial password state of the password corresponding to the password flag needs to be changed, the initial password state being an unused state or a valid state.

10. A system for password management, characterized in that the system comprises:
a first analysis receiving module, used to receive a password flag, a password state and password application rules from a password module; the password flag uniquely corresponds to the password; the password flag comprises an encrypted password and an identification mark; wherein the identification mark is a mark that uniquely identifies the password, and the encrypted password is the ciphertext obtained by encrypting the password; the password application rules indicate the requirements that must be met when the password corresponding to the password flag is applied, the password application rules comprising: a password count limit, a password time limit, a password level and/or expected path parameters;
a second analysis receiving module, used to receive application flow data from a tracking module;
a first analysis decision module, used to determine, according to the application flow data and the password application rules, whether the initial password state of the password corresponding to the password flag needs to be changed; the initial password state is an unused state or a valid state;
a first analysis generation module, used to generate a password state change request when the initial password state needs to be changed;
a first analysis sending module, used to send the password state change request to an execution module, so that the execution module, after changing the initial password state, generates and sends password state change information to all service nodes.
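
The analysis module's decision in claims 6 and 7 (time limit, then level-dependent path comparison), written out as an added Python example that is not code from the patent. The field types, the `invalid` target state, the dictionary shape of the change request and the `.example` hostnames are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, Optional, Tuple


class State(Enum):
    UNUSED = "unused"
    VALID = "valid"
    INVALID = "invalid"  # assumption: the state requested on a violation


@dataclass(frozen=True)
class Rules:
    """Password application rules; field types are assumptions."""
    time_limit_s: float                      # password time limit (claim 6)
    level: int                               # password level 1, 2 or 3 (claim 7)
    expected_senders: FrozenSet[str]
    expected_intermediaries: FrozenSet[str]
    expected_targets: FrozenSet[str]


@dataclass(frozen=True)
class Flow:
    """Actual path parameters from one application-flow record."""
    sender: str
    intermediaries: Tuple[str, ...]
    target: str


def path_violation(rules: Rules, flow: Flow) -> Optional[str]:
    """Claim 7: return a reason if this flow requires a state change."""
    sender_ok = flow.sender in rules.expected_senders
    inter_ok = set(flow.intermediaries) <= rules.expected_intermediaries
    target_ok = flow.target in rules.expected_targets
    if sender_ok and inter_ok and target_ok:
        return None                          # expected path contains actual path
    if rules.level == 1:                     # any deviation is enough
        return "level 1: actual path outside expected path"
    if rules.level == 2:                     # sender deviation alone is tolerated
        if not (inter_ok and target_ok):
            return "level 2: unexpected intermediary or target address"
        return None
    if rules.level == 3:                     # only the target is checked
        return None if target_ok else "level 3: unexpected target address"
    raise ValueError(f"unknown password level: {rules.level}")


def decide(flag_id: str, state: State, rules: Rules,
           flow: Optional[Flow], elapsed_s: float) -> Optional[dict]:
    """Return a password state change request, or None if no change is needed."""
    if state not in (State.UNUSED, State.VALID):
        return None                          # only initial states are evaluated
    if elapsed_s >= rules.time_limit_s:      # claim 6: "not less than" the limit
        reason = "time limit reached"
    elif flow is not None:
        reason = path_violation(rules, flow)
    else:
        reason = None
    if reason is None:
        return None
    return {"flag_id": flag_id, "target_state": State.INVALID, "reason": reason}


def demo_rules(level: int) -> Rules:
    """Constructed sample rules; hostnames are placeholders."""
    return Rules(time_limit_s=300.0, level=level,
                 expected_senders=frozenset({"app-a.example"}),
                 expected_intermediaries=frozenset({"gw-1.example"}),
                 expected_targets=frozenset({"svc-b.example"}))


# Constructed flows: one deviates only in sender, one only in intermediary.
ODD_SENDER = Flow("app-x.example", ("gw-1.example",), "svc-b.example")
ODD_HOP = Flow("app-a.example", ("gw-9.example",), "svc-b.example")

if __name__ == "__main__":
    for lvl in (1, 2, 3):
        for name, flow in (("odd sender", ODD_SENDER), ("odd hop", ODD_HOP)):
            print(lvl, name, decide("flag-001", State.VALID, demo_rules(lvl), flow, 10.0))
```

Under claim 7 a second-level password tolerates an unexpected sending address and a third-level password tolerates an unexpected sender or intermediary, so the level assigned to a password decides which path anomalies actually lead to a state change.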
CN202010456387.7A 2020-05-26 2020-05-26 Method and system for password management Active CN111597547B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010456387.7A CN111597547B (en) 2020-05-26 2020-05-26 Method and system for password management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010456387.7A CN111597547B (en) 2020-05-26 2020-05-26 Method and system for password management

Publications (2)

Publication Number Publication Date
CN111597547A CN111597547A (en) 2020-08-28
CN111597547B true CN111597547B (en) 2023-04-28

Family

ID=72192253

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010456387.7A Active CN111597547B (en) 2020-05-26 2020-05-26 Method and system for password management

Country Status (1)

Country Link
CN (1) CN111597547B (en)

Also Published As

Publication number Publication date
CN111597547A (en) 2020-08-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant