
CN110944006A - Password blacklist query method for providing anonymous protection and application thereof - Google Patents


Info

Publication number
CN110944006A
Authority
CN
China
Prior art keywords
data
password
blacklist
server
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911260910.2A
Other languages
Chinese (zh)
Inventor
王锐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yangtze Delta Region Institute of Tsinghua University Zhejiang
Original Assignee
Yangtze Delta Region Institute of Tsinghua University Zhejiang
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yangtze Delta Region Institute of Tsinghua University Zhejiang
Priority to CN201911260910.2A
Publication of CN110944006A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a password blacklist query method providing anonymous protection, and an application thereof. The password is encrypted into a ciphertext password, a feature value is selected from the ciphertext password by a feature algorithm, and the feature value is sent to the server for comparison. The password comparison query is thus carried out without the local host leaking the user password to the server, which can completely eliminate the risk of the user password data being leaked at the server. Only the encrypted data of the leaked passwords in the blacklist that have the same feature value are transmitted to the local host for comparison, which greatly reduces the amount of data transmitted, improves maintenance convenience, and also reduces the risk of a user illegally using the password blacklist.

Description

Password blacklist query method for providing anonymous protection and application thereof
Technical Field
The invention relates to the technical field of data security protection and verification, in particular to a password blacklist query method for providing anonymous protection and application thereof.
Background
With the development of science and technology, electronic information has become data closely tied to everyone: people's everyday social APPs, bank card bills, express delivery data, address information and the like all exist on a computer or a network in the form of electronic data, and account numbers and passwords are the gates and keys guarding this information. Passwords of all kinds are leaked onto the network for various reasons or because of habits, and some lawbreakers may collect the leaked passwords and use them for cracking and attacks in order to obtain the information illegally. For this reason, password information leaked onto the network is currently compiled into a password blacklist, and a user can query and compare a password against the blacklist when setting or using it. The traditional method compares the plaintext password with the password blacklist, and the blacklist is either kept on the local host or stored on a network server, depending on the situation; both arrangements have disadvantages. First, when the password blacklist is kept on the local host, frequent blacklist updates make maintenance inconvenient, and the blacklist data held on the local host may itself be used illegally by some users. Second, when the password blacklist is kept on a network server, a comparison only requires submitting a query request to the server, which greatly reduces the maintenance workload, but submitting the password to the server introduces a risk of privacy disclosure. Therefore, a password blacklist query method providing anonymous protection, and an application thereof, are proposed.
Disclosure of Invention
The invention aims to provide a password blacklist query method providing anonymous protection, and an application thereof. To improve password security, a password is compared against a blacklist of leaked passwords; in current approaches, the security of the comparison step, the timeliness of the password blacklist and the convenience of maintenance are at odds with one another. To solve the above problems, the present invention provides the following technical solutions:
A password blacklist query method for providing anonymous protection comprises the following steps:
M1, the local host obtains the user password and obtains data D1 from it through an encryption algorithm S;
M2, data D2 is obtained from the data D1 according to a feature algorithm;
M3, the data D2 is sent to the server;
M4, the server obtains a data set T1 from the stored password blacklist through the encryption algorithm S;
M5, the server obtains a data set T2 from the data set T1 according to the feature algorithm;
M6, the server compares the data D2 with all the data in the data set T2, integrates the matched data to form a data subset T3, and transmits the data subset T3 to the local host;
M7, the local host compares the data D1 with the data subset T3, and if the data subset T3 includes the data D1, the user password is at risk.
For M5 above, if the feature algorithm is fixed for a certain period of time, the data set T2 may be pre-computed and stored in the server, and need not be re-computed each time the method is performed, thereby reducing the computational load on the server.
Preferably, the feature algorithm in M2 is: extracting a fixed number of digits of the data code.
Preferably, the data set T1 has the form $\{X_1; Y_1; \ldots\}$ and the data set T2 has the form $\{(X_1, X_2); (Y_1, Y_2); \ldots\}$, so that data in the data set T1 and the data set T2 can be mapped to each other, and the corresponding data can be integrated into a data subset T3 for transmission to the local host.
Preferably, the data in the data subset T3 is encrypted data, so as to reduce the risk of data leakage at the local host.
Preferably, the data subset T3 may be empty.
Preferably, if the data subset T3 is empty, the server returns the instruction data directly to the ontology server.
Preferably, the encryption algorithm S is an irreversible algorithm, so as to further reduce the risk of the cipher data being cracked, and specifically, the irreversible algorithm is a hash algorithm.
In the application of the password blacklist query method providing anonymous protection, the user is given a risk prompt if a password submitted by the user at the local host is contained in the password blacklist.
Compared with the prior art, the invention has the following beneficial effects. The password submitted by the user is encrypted and then transformed by the feature algorithm, and only the feature value is submitted to the server for data comparison. First, the plaintext password is never transmitted over the network, and only an extracted part of the encrypted ciphertext password is transmitted, so the risk of the user password data being leaked at the server can be completely eliminated. Second, only the encrypted data of the leaked passwords in the blacklist that have the same feature value are transmitted to the local host for comparison, which greatly reduces the amount of data transmitted and improves maintenance convenience. Finally, what the local host obtains is encrypted data, which reduces the risk of a user illegally using the blacklist.
Drawings
FIG. 1 is a flow chart of the query comparison according to the present invention.
Detailed Description
The technical solutions in the present invention are clearly and completely described below with reference to specific embodiments, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Embodiment 1: a user A uses a social APP, sets the login password "20191205" as the password in use, and then clicks the [password detect] option in the APP. The APP is designed to compute "20191205" through a hash algorithm, specifically the MD5 algorithm, one of the hash algorithms, converting "20191205" into data D1, that is, "4ff97ee40f1ac052f634e7e8c2f3e37e";
the social APP then takes the first 6 digits of "4ff97ee40f1ac052f634e7e8c2f3e37e" according to the feature algorithm to obtain data D2, namely "4ff97e", and sends it to a server containing a password blacklist;
the server computes the data in the password blacklist according to the MD5 algorithm and obtains a data set T1 of the form $\{X_1; Y_1; \ldots\}$, then takes the first 6 digits of each item in the data set T1 and stores in the server, in one-to-one correspondence, a two-dimensional data set of the form $\{(X_1, X_2); (Y_1, Y_2); \ldots\}$, namely the data set T2, in which $X_2$, $Y_2$ are the data formed by taking the first 6 digits;
the server compares "4ff97e" with $Y_n$ in the data set T2 and, whenever the two are found to be the same, extracts the corresponding $X_n$, thereby forming a new data set, namely the data subset T3. If the server finds that the data subset T3 is empty, it returns "password risk free" directly to the social APP, which prompts the user.
Embodiment 2: a user B uses internet banking software and submits an application after setting the password to "123456" for the first time. For the user's security, the internet banking software computes "123456" through the MD5 algorithm to obtain data D1, that is, "e10adc3949ba59abbe56e057f20f883e";
the internet banking software then extracts 6 digits starting from the third position of "e10adc3949ba59abbe56e057f20f883e" according to the feature algorithm, namely "0adc39", and sends them as data D2 to a server containing a password blacklist;
the server has already obtained the data set T2 in advance according to the same hash algorithm and the same feature algorithm (6 digits extracted starting from the third digit);
the server compares "0adc39" with $Y_n$ in the data set T2 and, whenever the two are found to be the same, extracts the corresponding $X_n$, thereby forming a new data set, namely the data subset T3, and transmits the data subset T3 to the internet banking software. The data subset T3 contains 5 items that share the same 6 digits in this position, namely
a40adc39a97f753c649f579d3e01e977, b70adc395bb6d521e64c8974c143e9a0, 840adc39cabd5e373f54aa5b51d6287e, 640adc394396e7c8170902bcf2e15551, e10adc3949ba59abbe56e057f20f883e;
The internet banking software compares these data with "4ff97ee40f1ac052f634e7e8c2f3e37e". If an item is completely identical, the set password "123456" has been leaked on the network, and the user is told that the password is too simple and risky and is prompted to reset it. After user B resets the password to "AB12j6", the internet banking software performs another round of verification according to the same process; this time no identical data is found, so the password has not been leaked on the network and the internet banking software recommends it for use. Throughout the whole process, the password of user B, whether as plaintext or as ciphertext, exists only on the local host, namely the internet banking software, and the ciphertext password that appears at the server is only an extracted part, so the risk of password leakage caused by applying the method can be greatly reduced. It should be noted that the local host and the server are not limited to conventional LAN computers and network servers; devices that are both deployed locally and are connected to each other separately, for example through a gateway, also count as the local host and the server described herein.
Embodiment 3: a user C wants to use this method to extract the leaked password blacklist data held on the server. User C enters a particularly simple password "a1" into the local host, hoping to obtain the related data in the password blacklist. After one round of operation according to the method of the invention, hundreds of items, namely the data subset T3, are obtained on the local host, but because every item is an encrypted ciphertext password produced with an irreversible hash encryption algorithm, the obtained data is of no use.
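The query flow M1 to M7, run on the values of Embodiment 2, as an added example that is not code from the patent. MD5 and the 6-digit slice starting at the third digit come from the embodiments; the function and class names, the filler blacklist entries and the 1-digit feature used for the shared-bucket case are constructed for illustration.

```python
import hashlib
from collections import defaultdict


def encrypt_s(password: str) -> str:
    """Algorithm S (M1/M4): MD5 hex digest, the hash used in the embodiments."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def feature(digest: str, offset: int, length: int) -> str:
    """Feature algorithm (M2/M5): a fixed-position, fixed-length slice."""
    return digest[offset:offset + length]


class BlacklistServer:
    """Holds T1 (digests) and the precomputed index T2 (feature -> digests)."""

    def __init__(self, t1_digests, offset=2, length=6):
        self.offset, self.length = offset, length
        self.t2 = defaultdict(list)
        for digest in t1_digests:
            self.t2[feature(digest, offset, length)].append(digest)
        self.observed = []  # everything the server ever receives from clients

    @classmethod
    def from_plaintext(cls, leaked_passwords, **kwargs):
        """M4: derive T1 from a plaintext blacklist held by the server."""
        return cls([encrypt_s(p) for p in leaked_passwords], **kwargs)

    def query(self, d2: str):
        """M6: return T3, every digest whose feature equals D2 (may be empty)."""
        self.observed.append(d2)
        return list(self.t2.get(d2, []))


def check_password(password: str, server: BlacklistServer):
    """M1-M3 and M7 on the local host. Returns (is_blacklisted, T3)."""
    d1 = encrypt_s(password)                         # M1, never leaves the host
    d2 = feature(d1, server.offset, server.length)   # M2
    t3 = server.query(d2)                            # M3 + M6
    return d1 in t3, t3                              # M7


# The five T3 digests quoted in Embodiment 2; all carry "0adc39" at digits 3-8.
PAGE_T3 = [
    "a40adc39a97f753c649f579d3e01e977",
    "b70adc395bb6d521e64c8974c143e9a0",
    "840adc39cabd5e373f54aa5b51d6287e",
    "640adc394396e7c8170902bcf2e15551",
    "e10adc3949ba59abbe56e057f20f883e",
]
# Constructed filler so the blacklist also has unrelated buckets.
FILLER = [encrypt_s(f"constructed-leak-{i}") for i in range(100)]


def shared_bucket_miss():
    """A password that lands in a non-empty T3 without being blacklisted.

    Uses a constructed 1-digit feature so a bucket-mate is found quickly.
    """
    server = BlacklistServer.from_plaintext(["123456"], offset=0, length=1)
    target = feature(encrypt_s("123456"), 0, 1)
    other = next(p for p in (f"pw{i}" for i in range(10000))
                 if feature(encrypt_s(p), 0, 1) == target)
    return check_password(other, server)


if __name__ == "__main__":
    srv = BlacklistServer(PAGE_T3 + FILLER, offset=2, length=6)
    print("123456:", check_password("123456", srv))
    print("AB12j6:", check_password("AB12j6", srv))
    print("server saw only:", srv.observed)
    print("shared bucket, not blacklisted:", shared_bucket_miss())
```

A non-empty T3 is not a verdict: the decision is made only in M7 on the local host, which is why the shared-bucket case returns a digest list together with `False`.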
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (9)

1. A password blacklist query method for providing anonymous protection, characterized by comprising the following steps:
M1, the local host obtains the user password and obtains data D1 from it through an encryption algorithm S;
M2, data D2 is obtained from the data D1 according to a feature algorithm;
M3, the data D2 is sent to the server;
M4, the server obtains a data set T1 from the stored password blacklist through the encryption algorithm S;
M5, the server obtains a data set T2 from the data set T1 according to the feature algorithm;
M6, the server compares the data D2 with all the data in the data set T2, integrates the matched data to form a data subset T3, and transmits the data subset T3 to the local host;
M7, the local host compares the data D1 with the data subset T3, and if the data subset T3 includes the data D1, the user password is at risk.
2. The password blacklist query method according to claim 1, wherein the feature algorithm in M2 is: extracting a fixed number of digits of the data code.
3. The password blacklist query method of claim 1, wherein said data set T1 has the form $\{X_1; Y_1; \ldots\}$ and the data set T2 has the form $\{(X_1, X_2); (Y_1, Y_2); \ldots\}$.
4. The cryptographic blacklist lookup method of claim 1 wherein the data in said data subset T3 is encrypted data.
5. The cryptographic blacklist lookup method of claim 1 wherein said data subset T3 may be null.
6. The method of claim 5, wherein if the data subset T3 is null, the server returns the command data directly to the ontology server.
7. A cryptographic blacklist lookup method providing anonymous protection according to any one of claims 1-6, wherein said encryption algorithm S is an irreversible algorithm.
8. The method of claim 7, wherein the irreversible algorithm is a hash algorithm.
9. An application of a password blacklist query method for providing anonymous protection, characterized in that: if the password submitted by the user at the local host is contained in the password blacklist, a risk prompt is given to the user.
CN201911260910.2A 2019-12-10 2019-12-10 Password blacklist query method for providing anonymous protection and application thereof Pending CN110944006A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911260910.2A CN110944006A (en) 2019-12-10 2019-12-10 Password blacklist query method for providing anonymous protection and application thereof

Publications (1)

Publication Number Publication Date
CN110944006A (en) 2020-03-31

Family

ID=69910053

Country Status (1)

Country Link
CN (1) CN110944006A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200331