Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Password protecting method and device

A password protection and password technology, applied in the field of information security, can solve the problems of user security risks, inability to guarantee password security, password leakage, etc.

Active Publication Date: 2017-05-10
TENCENT TECH (SHENZHEN) CO LTD
View PDF11 Cites 52 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002] Existing account systems generally store passwords in plain text. This storage method can easily lead to password leaks and bring great security risks to users.
In order to ensure the security of passwords, some account systems will use the fifth version of the Message Digest Algorithm (MD5) to encrypt the passwords and store them. However, it has been proved that the MD5 encryption algorithm can be cracked, and the MD5 algorithm cannot prevent collisions. After the MD5 password, it is only a matter of time to crack it, that is, this method still cannot guarantee the security of the password, and the risk of password leakage is still very high

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Password protecting method and device
  • Password protecting method and device
  • Password protecting method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0028] Such as figure 2 As shown, the method of the present embodiment includes the following steps:

[0029] Step 201, obtaining the user ID and the original plaintext password;

[0030] In specific implementation, when the client registers, the server can obtain the user ID and original plaintext password from the client. The user ID can also be called a user name, registered account number, etc., and the original plaintext password is the registration password provided by the client during registration.

[0031] The client can directly carry the user ID and the original plaintext password in the registration request, and the server can directly obtain the user ID and the original plaintext password from the registration request. However, in this way, the password will be transmitted between the client and the server in plain text, which is easily intercepted by a third party, resulting in password disclosure. Therefore, in this embodiment, the client can also encrypt the...

Embodiment 2

[0051] The method described in Embodiment 1 will be further described in detail in this embodiment with an example. The description process of this embodiment will be divided into two stages, namely, the registration stage and the verification stage. The following describes the process of the registration phase first, such as Figure 3a As shown, the registration phase includes the following steps:

[0052] Step 301, receiving the registration request sent by the client, the registration request includes the user ID and the first ciphertext, and the first ciphertext is obtained by encrypting the original plaintext password by the client using a preset encryption algorithm;

[0053] The user ID can also be called a user name, a registered account number, etc., and the original plaintext password is the registration password provided by the client during registration.

[0054] Specifically, the client can first encrypt the original plaintext password with the RSA public key, an...

Embodiment 3

[0089] In order to better implement the above method, the embodiment of the present invention also provides a password protection device, such as Figure 5 As shown, the password protection device of this embodiment includes: an acquisition unit 501, a salt addition unit 502, a first encryption unit 503 and a storage unit 504, as follows:

[0090] (1) acquisition unit 501;

[0091] The acquiring unit 501 is configured to acquire the user ID and the original plaintext password.

[0092] In a specific implementation, the obtaining unit 501 can obtain the user ID and the original plaintext password from the client when the client registers. The user ID can also be called a user name, a registered account number, etc., and the original plaintext password is the registration password provided by the client during registration. .

[0093] The device in this embodiment may also include a receiving unit, the client may directly carry the user ID and the original plaintext password i...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the present invention discloses a password protecting method and device, wherein, the password protecting method comprises: obtaining user identification and an original clear text password; adding salts to the original clear text password with a preset salt value to obtain an original key; using the original key as an encryption key of Hash-based message authentication code HMAC operation; using a secure Hash algorithm SHA as an encryption hash function of the HMAC operation to carry out the HMAC operation to obtain an original cryptograph password; and storing the user identification and the original cryptograph password correspondingly in a database. The embodiment of the present invention is able to assure the password security, and reduce the risk of password disclosing.

Description

technical field [0001] The embodiments of the present invention relate to the technical field of information security, and in particular to a password protection method and device. Background technique [0002] Existing account systems generally store passwords in plain text, which can easily lead to password leaks and bring great security risks to users. In order to ensure the security of passwords, some account systems will use the fifth version of the Message Digest Algorithm (MD5) to encrypt the passwords and store them. However, it has been proved that the MD5 encryption algorithm can be cracked, and the MD5 algorithm cannot prevent collisions. After the MD5 password, it is only a matter of time to crack it, that is, this method still cannot guarantee the security of the password, and the risk of password leakage is still very high. Contents of the invention [0003] In view of this, embodiments of the present invention provide a password protection method and device...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L9/06H04L9/08
CPCH04L9/0643H04L9/0861
Inventor 吴晓麟
Owner TENCENT TECH (SHENZHEN) CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products