[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN112637140A - Password transmission method, terminal, server and readable storage medium - Google Patents

Password transmission method, terminal, server and readable storage medium Download PDF

Info

Publication number
CN112637140A
CN112637140A CN202011435574.3A CN202011435574A CN112637140A CN 112637140 A CN112637140 A CN 112637140A CN 202011435574 A CN202011435574 A CN 202011435574A CN 112637140 A CN112637140 A CN 112637140A
Authority
CN
China
Prior art keywords
password
character
communication
server
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011435574.3A
Other languages
Chinese (zh)
Inventor
王邵林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Kftpay Finance Network Technology Service Co ltd
Original Assignee
Shenzhen Kftpay Finance Network Technology Service Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Kftpay Finance Network Technology Service Co ltd filed Critical Shenzhen Kftpay Finance Network Technology Service Co ltd
Priority to CN202011435574.3A priority Critical patent/CN112637140A/en
Publication of CN112637140A publication Critical patent/CN112637140A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a password transmission method, a terminal, a server and a readable storage medium, wherein the encryption transmission method comprises the following steps: when a user inputs a password, acquiring a character currently input by the user; encrypting the characters currently input by the user by adopting an SM4 algorithm and a stored communication key to generate a character password array corresponding to the characters; when the password input is finished, encrypting the character password array by adopting an SM2 algorithm and a stored communication public key to obtain a ciphertext; and sending the ciphertext to a server. The method and the device can solve the problem that other applications are easy to illegally obtain the password information input by the user through the local client.

Description

Password transmission method, terminal, server and readable storage medium
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a password transmission method, a terminal, a server, and a readable storage medium.
Background
Currently, with the continuous development of information technology, people rely more and more on data information in daily life, and data information concerns about privacy security and property security of people, so the security of data information is very important. For example, in the process that a user inputs a password at a client and sends the input password to a server for storage, in order to improve the security of the password, password information is usually encrypted in the transmission process of the password to prevent the password information from being intercepted and leaked, but before the password information input by the client is transmitted to the server for storage, other applications are easy to illegally obtain the password information input by the user through the local client due to the fact that a plaintext password input by the user still exists in a memory of the local client.
Disclosure of Invention
The invention mainly aims to provide a password transmission method, a terminal, a server and a readable storage medium, which solve the problem that other applications are easy to illegally obtain password information input by a user through a local client.
In order to achieve the above object, the present invention provides a password transmission method, where the password transmission method is applied to a client, and the password transmission method includes:
when a user inputs a password, acquiring a character currently input by the user;
encrypting the characters currently input by the user by adopting an SM4 algorithm and a stored communication key to generate a character password array corresponding to the characters;
when the password input is finished, encrypting the character password array by adopting an SM2 algorithm and a stored communication public key to obtain a ciphertext;
and sending the ciphertext to a server.
Optionally, when the user inputs a password, before the step of obtaining the character currently input by the user, the method further includes:
establishing a user session with a server;
receiving and storing a communication secret key sent by a server;
associating the communication key with the user session to encrypt session data with the communication key during the user session.
Optionally, after the step of sending the ciphertext to the server, the method further includes;
after the client disconnects the session with the server, deleting the association relationship between the user session and the communication secret key;
deleting the stored communication key.
Optionally, the character password array includes a plurality of character password arrays, and the step of encrypting the character password array by using the SM2 algorithm and the stored communication public key to obtain a ciphertext when the password input is completed includes:
combining the character password arrays corresponding to the characters to obtain a password character string;
and encrypting the password character string by adopting an SM2 algorithm and a stored communication public key to obtain the ciphertext.
In order to achieve the above object, the present invention further provides a password transmission method, where the password transmission method is applied to a server, and the password transmission method includes:
after receiving the ciphertext sent by the client, decrypting the ciphertext by adopting an SM2 algorithm and a communication private key to obtain a password character string;
splitting the password character string into a plurality of character password arrays;
decrypting each character password array by using an SM4 algorithm and a communication key associated with the user session to obtain password characters;
and splicing the password characters according to the sequence of the character password array to obtain the password plaintext.
Optionally, before the step of decrypting the ciphertext by using the SM2 algorithm and the communication private key after receiving the ciphertext sent by the client to obtain the password character string, the password transmission method further includes:
generating a communication secret key when establishing a user session with a client;
saving the generated communication secret key;
and sending the communication secret key to the client.
Optionally, after the step of obtaining the password plaintext by splicing the password characters according to the sequence of the character password array, the method further includes:
acquiring a pre-stored communication secret key;
and encrypting the decrypted cipher plaintext by using an SM3 algorithm and the communication key, and storing the encrypted cipher plaintext.
Furthermore, to achieve the above object, the present invention further provides a terminal, which includes a memory, a processor, and a computer program stored on the memory and operable on the processor, wherein the computer program, when executed by the processor, implements the steps of the password transmission method as described above.
Furthermore, to achieve the above object, the present invention further provides a server, which includes a memory, a processor, and a computer program stored on the memory and operable on the processor, wherein the computer program, when executed by the processor, implements the steps of the password transmission method as described above.
Furthermore, to achieve the above object, the present invention also provides a readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the password transmission method as described above.
The invention provides a password transmission method, a terminal, a server and a readable storage medium, when a user inputs a password, the current input character of the user is obtained, the current input character of the user is encrypted by adopting an SM4 algorithm and a stored communication secret key to generate a character password array corresponding to the character, when the password input is finished, the character password array is encrypted by adopting an SM2 algorithm and a stored communication public key to obtain a ciphertext, and finally the ciphertext is sent to the server. According to the scheme, the input characters are encrypted in the user input process, and the character password input by the user in the local client is encrypted into the character password array, so that the plaintext password input by the user does not exist in the memory of the local client, and the plaintext characters do not exist in the memory of the local client from the beginning every time one character is input for encryption, other applications are difficult to illegally obtain the password information input by the user from the local client, and therefore the problem that other applications are easy to illegally obtain the password information input by the user through the local client is effectively solved.
Drawings
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of a hardware architecture of a terminal according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a hardware architecture of a server according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a first embodiment of a method for password transmission according to the present invention;
FIG. 4 is a flowchart illustrating a second embodiment of a method for password transmission according to the present invention;
FIG. 5 is a flowchart illustrating a third embodiment of a method for password transmission according to the present invention;
FIG. 6 is a flowchart illustrating a fourth embodiment of a method for password transmission according to the present invention;
fig. 7 is a flowchart illustrating a fifth embodiment of a password transmission method according to the present invention.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The main solution of the embodiment of the invention is as follows: when a user inputs a password, acquiring a character currently input by the user; encrypting the current input character of the user by adopting an SM4 algorithm and a stored communication key to generate a character password array corresponding to the character; when the password input is finished, encrypting the character password array by adopting an SM2 algorithm and a stored communication public key to obtain a ciphertext; and sending the ciphertext to the server. The input characters are encrypted in the input process of the user, and the character password input by the user in the local client is encrypted into the character password array, so that the plaintext password input by the user does not exist in the memory of the local client, and the plaintext characters do not exist in the memory of the local client from the beginning every time one character is input for encryption, other applications are difficult to illegally obtain the password information input by the user from the local client, and the problem that other applications are easy to illegally obtain the password information input by the user through the local client is effectively solved.
For a better understanding of the above technical solutions, exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
In order to better understand the technical solution, the technical solution will be described in detail with reference to the drawings and the specific embodiments.
The hardware operation environment comprises a terminal and a server.
As shown in fig. 1, fig. 1 is a schematic diagram of a hardware architecture of a terminal according to an embodiment of the present invention.
As shown in fig. 1, the terminal may include: a processor 1001, such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, a communication bus 1002. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may optionally include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (such as a non-volatile memory), such as a disk memory. The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the configuration of the terminal shown in fig. 1 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a kind of computer storage medium, may include an operating system and a computer program therein.
In the terminal shown in fig. 1, the network interface 1004 is mainly used for connecting to a backend server and performing data communication with the backend server; the user interface 1003 is mainly used for connecting a client (user side) and performing data communication with the client; and the processor 1001 may be configured to invoke the computer program stored in the memory 1005 and perform the following operations:
when a user inputs a password, acquiring a character currently input by the user;
encrypting the characters currently input by the user by adopting an SM4 algorithm and a stored communication key to generate a character password array corresponding to the characters;
when the password input is finished, encrypting the character password array by adopting an SM2 algorithm and a stored communication public key to obtain a ciphertext;
and sending the ciphertext to a server.
Further, the processor 1001 may call the computer program stored in the memory 1005, and also perform the following operations:
establishing a user session with a server;
receiving and storing a communication secret key sent by a server;
associating the communication key with the user session to encrypt session data with the communication key during the user session.
Further, the processor 1001 may call the computer program stored in the memory 1005, and also perform the following operations:
after the client disconnects the session with the server, deleting the association relationship between the user session and the communication secret key;
deleting the stored communication key.
Further, the processor 1001 may call the computer program stored in the memory 1005, and also perform the following operations:
combining the character password arrays corresponding to the characters to obtain a password character string;
and encrypting the password character string by adopting an SM2 algorithm and a stored communication public key to obtain the ciphertext.
As shown in fig. 2, fig. 2 is a schematic diagram of a hardware architecture of a server according to an embodiment of the present invention.
As shown in fig. 2, the server may include: a processor 1006, e.g., a CPU, a network interface 1009, a user interface 1008, memory 1010, and a communication bus 1007. The communication bus 1007 is used to implement connection communication between these components. The user interface 1008 may optionally include a standard wired interface, a wireless interface. The network interface 1009 may optionally include a standard wired interface, a wireless interface (such as a non-volatile memory), for example, a disk memory. The memory 1010 may alternatively be a storage device separate from the processor 1006 described previously.
Those skilled in the art will appreciate that the configuration of the server shown in FIG. 2 does not constitute a limitation of the server and may include more or fewer components than shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 2, the memory 1010, which is a kind of computer storage medium, may include therein an operating system and a computer program.
In the server shown in fig. 2, the network interface 1009 is mainly used for connecting a terminal and performing data communication with the terminal; the user interface 1008 is also used for connecting other terminal devices except the terminal and performing data communication with the other terminal devices; and the processor 1006 may be configured to invoke the computer program stored in the memory 1010 and perform the following operations:
after receiving the ciphertext sent by the client, decrypting the ciphertext by adopting an SM2 algorithm and a communication private key to obtain a password character string;
splitting the password character string into a plurality of character password arrays;
decrypting each character password array by using an SM4 algorithm and a communication key associated with the user session to obtain password characters;
and splicing the password characters according to the sequence of the character password array to obtain the password plaintext.
Further, the processor 1006 may invoke a computer program stored in the memory 1010 to also perform the following operations:
generating a communication secret key when establishing a user session with a client;
saving the generated communication secret key;
and sending the communication private key to a client.
Further, the processor 1006 may invoke a computer program stored in the memory 1010 to also perform the following operations:
acquiring a pre-stored communication secret key;
and encrypting the decrypted cipher plaintext by using an SM3 algorithm and the communication key, and storing the encrypted cipher plaintext.
Referring to fig. 3, fig. 3 is a schematic flowchart of a first embodiment of a password transmission method according to the present invention, where the password transmission method is applied to a client, and the password transmission method includes the following steps:
step S10, when the user inputs the password, the current input character of the user is obtained;
in this embodiment, the execution subject is a terminal device, such as a local client including a computer, a mobile phone, and the like, and in other embodiments, the terminal device may also be other devices or apparatuses capable of inputting and transmitting passwords. The password input by the user is composed of characters, the characters may be numbers, english letters, or a combination of numbers and english letters, and of course, in other embodiments, the characters may be symbols in other forms, such as greek letters. Specifically, the local client has a password input window, the user inputs a character password in the window, and the local client automatically reads the character every time the user inputs one character.
Step S20, encrypting the characters currently input by the user by adopting an SM4 algorithm and a stored communication key to generate a character password array corresponding to the characters;
in this embodiment, after reading a password character currently input by a user, a local client encrypts the password character by using an SM4 algorithm and a stored communication key to generate a character password array corresponding to the password character, where the communication key is randomly composed of numbers and letters. The SM4 algorithm is a cipher algorithm which is recognized by the state, the SM4 algorithm is a block cipher algorithm which is used for encrypting data, and the SM4 is also called a block cipher or a block cipher and is a symmetric cipher algorithm. The cipher plaintext is divided into a plurality of modules with equal length, and each group of cipher plaintext is respectively encrypted or decrypted by using a determined algorithm and a symmetric key.
In this embodiment, each character input by the user is a group, or a group, the character input by the user is encrypted by using an SM4 algorithm of a communication key, the encrypted plaintext character is changed into a corresponding character password array, that is, when the user inputs a character, the input character is encrypted, and once the character is encrypted, there is no plaintext character in the memory at the beginning of the local client, and the character password array may be a chinese-english alphabet or a combination thereof, or may be other characters, such as "#", and "#", etc.
It should be noted that, after the characters input by the user are encrypted by using the SM4 algorithm of the communication key, the plaintext characters in the memory of the local client are replaced by the encrypted character password arrays, the local client displays the generated character password arrays, that is, each time the user inputs one character to encrypt the character password array, the generated character password arrays are used to replace the plaintext characters, the plaintext characters input by the user do not exist in the memory of the local client, thereby preventing other applications from illegally obtaining the plaintext passwords input by the user through the local client, and improving the security of the user in the process of inputting the passwords.
Step S30, when the password input is finished, the SM2 algorithm and the stored communication public key are adopted to encrypt the character password array to obtain a ciphertext;
and step S40, sending the ciphertext to a server.
In this embodiment, the public communication key is a key that is open to the outside world, and the public communication key is a non-secret half of a key pair used together with the private communication key. The public communication key is composed of numbers and letters at random. The public communication key is generally used for encrypting a session key, verifying a digital signature, or encrypting data that can be decrypted with a corresponding private communication key, and the SM2 algorithm is a nationally recognized public communication key algorithm, also called an elliptic curve algorithm.
In this embodiment, plaintext characters input by a user need to be transmitted to a server for storage after being encrypted by an SM4 algorithm and a stored communication key, in order to ensure security of a transmission process, a generated character password array is encrypted by an SM2 algorithm and a stored communication public key to obtain a ciphertext, and the ciphertext is transmitted to the server for storage. It can be understood that, after the ciphertext is transmitted to the server, the local client automatically cancels the communication public key, thereby ensuring that the communication public key is valid once in the transmission process, and greatly improving the security of the password transmission process.
Specifically, each character input by the user corresponds to a character password array, and the character password arrays corresponding to the characters are combined to obtain a password character string, for example, the character password array encrypted by the SM4 algorithm and the communication key is S [ ], and then the combined character string T is S1+ S2+ S3+ … …. And encrypting the combined password character string by adopting an SM2 algorithm and a stored communication public key to obtain a ciphertext, and sending the ciphertext to a server for storage by the server. Because the SM2 algorithm and the stored communication public key are encrypted again before password transmission, the security risk caused by replay, man-in-the-middle and other attacks in the password transmission process is solved.
In the technical scheme provided by the embodiment, when a user inputs a password, the current input character of the user is obtained; encrypting the current input character of the user by adopting an SM4 algorithm and a stored communication key to generate a character password array corresponding to the character; when the password input is finished, encrypting the character password array by adopting an SM2 algorithm and a stored communication public key to obtain a ciphertext; and sending the ciphertext to the server. The input characters are encrypted in the input process of the user, and the character password input by the user in the local client is encrypted into the character password array, so that the plaintext password input by the user does not exist in the memory of the local client, and the plaintext characters do not exist in the memory of the local client from the beginning every time one character is input for encryption, other applications are difficult to illegally obtain the password information input by the user from the local client, and the problem that other applications are easy to illegally obtain the password information input by the user through the local client is effectively solved.
Referring to fig. 4, fig. 4 is a flowchart illustrating a second embodiment of the password transmission method of the present invention, where based on the first embodiment, the step of S10 further includes:
step S50, establishing a user session with the server;
step S60, receiving and storing the communication key sent by the server;
step S70, associating the communication key with the user session, so as to encrypt session data with the communication key during the user session.
In this embodiment, when a user starts a local client, the local client is initialized, a user session is established with a server, the user session is data transmission and interaction between the local client and the server, after the user session is established, the server generates a communication key and sends the communication key to the local client, the local client receives the communication key sent by the server, stores the communication key to the local client, associates the received communication key with the user session, that is, binds the communication key with the user session, so that each user session has a unique communication key bound to the communication key. And encrypting the session data by adopting the communication secret key in the user session process through the association relationship between the communication secret key and the user session.
In the technical scheme provided by this embodiment, before encrypting a password character input by a user, a user session with a server is established, a communication key sent by the server is received and stored, and the communication key is associated with the user session, so that session data is encrypted by using the communication key in the user session process. According to the scheme, the communication secret key is associated with the user session, the fact that only the unique communication secret key corresponds to the communication secret key in the session process between the local client and the server every time is guaranteed, and the safety of the user in the password input process is further guaranteed.
Referring to fig. 5, fig. 5 is a flowchart illustrating a third embodiment of the password transmission method of the present invention, and based on the first embodiment, the step of S40 further includes:
step S80, after the client disconnects the session with the server, deleting the association between the user session and the communication key;
in step S90, the stored communication key is deleted.
In this embodiment, after the password input, transmission and storage process is finished, the user session between the local client and the server is disconnected, the binding between the user session and the communication key is released, the association relationship between the user session of the local client and the communication key is deleted, and the communication key stored in the local client is deleted, so as to destroy the communication key in the local client memory.
In the technical scheme provided by this embodiment, after the client disconnects the session with the server, the association relationship between the user session and the communication key is deleted, and the stored communication key is deleted, so that by logging off the communication key in the local client, the local client does not have the communication key in the memory after the password input and transmission are completed, and the communication key is newly obtained when the local client establishes a connection with the server next time, thereby ensuring that the local client has a unique communication key associated with the user session in each password input process, and one-time encryption, i.e., the communication key is valid once, so that the security of the password input process is higher.
Referring to fig. 6, fig. 6 is a schematic flowchart of a fourth embodiment of the password transmission method of the present invention, where the password transmission method is applied to a server, and the password transmission method includes the following steps:
step S100, after receiving the ciphertext sent by the client, decrypting the ciphertext by adopting an SM2 algorithm and a communication private key to obtain a password character string;
step S200, splitting the password character string into a plurality of character password arrays;
step S300, decrypting each character password array by adopting an SM4 algorithm and a communication secret key associated with a user session to obtain password characters;
and step S400, splicing the password characters according to the sequence of the character password array to obtain the password plaintext.
In this embodiment, the execution subject is a server, and the server decrypts and stores the ciphertext. After the local client encrypts and generates a ciphertext, the generated ciphertext is sent to the server, the server receives the ciphertext sent by the client to decrypt the ciphertext, and because the process of encrypting the ciphertext string by the local client to obtain the ciphertext adopts the communication public key and the SM2 algorithm, the server decrypts the ciphertext by adopting the communication private key and the SM2 algorithm to obtain the password string.
Further, before decrypting the received ciphertext, when a user session is established with the local client, the server generates a communication key, stores the generated communication key, and simultaneously sends the communication key to the local client, so that the local client associates the communication key with the established user session, and further encrypts the character input by the user. The server generates a communication public key and a communication private key at the same time as the communication secret key, stores the generated secret key, and transmits the secret key requested by the local client to the local client when receiving the secret key request of the local client.
In this embodiment, after the server decrypts the ciphertext by using the communication private key and the SM2 algorithm to obtain the password string, in order to obtain the password plaintext input by the user, the SM4 algorithm and the communication key associated with the user session are used to decrypt the password string to obtain the password plaintext, because the SM4 algorithm is used in the encryption process for obtaining the password string, the SM4 algorithm is also used in the decryption process.
Specifically, the password character string is firstly split into a plurality of character password arrays, wherein the splitting mode of the password character string is fixed-length (32-bit) splitting. After the character password arrays are obtained, each character password array is decrypted by adopting an SM4 algorithm and a communication secret key associated with a user session to obtain password characters input by a user, and finally the decrypted password characters are spliced according to the sequence of the character password arrays to obtain a password plaintext input by the user.
In the technical scheme provided by this embodiment, after receiving a ciphertext sent by a client, the SM2 algorithm and a communication private key are used to decrypt the ciphertext to obtain a password string, and then the SM4 algorithm and a communication private key associated with a user session are used to decrypt the password string to obtain a password plaintext. The scheme decrypts the encrypted ciphertext input by the user to obtain the password plaintext, ensures that the ciphertext received by the server corresponds to the password input by the user, and further enables the server to encrypt and store the decrypted plaintext, so that the security of the password in the storage process of the server is improved, and the security risk is reduced.
Referring to fig. 7, fig. 7 is a schematic flowchart of a fifth embodiment of the password transmission method of the present invention, and based on the fourth embodiment, the step of S400 further includes:
step S500, obtaining a pre-stored communication secret key;
step S600, encrypting the decrypted cipher plaintext by using the SM3 algorithm and the communication key, and storing the encrypted cipher plaintext.
In this embodiment, the server automatically generates and stores the communication public key and the communication private key, and in order to improve the security of the server for storing the password, after the ciphertext is decrypted to obtain the password plaintext, the decrypted password plaintext is encrypted and stored.
Specifically, a communication key pre-stored by the server is obtained, the decrypted cipher plaintext is encrypted by using the communication key and the SM3 algorithm, and the encrypted cipher plaintext is stored in the server. The SM3 algorithm is a cipher algorithm recognized by the country, the SM3 algorithm is a domestic hash algorithm, and is mainly used for digital signature and verification, message authentication code generation and verification, random number generation and the like, and the algorithm is disclosed.
In the technical scheme provided by this embodiment, a pre-stored communication key is obtained; and encrypting the decrypted cipher plaintext by using an SM3 algorithm and the communication key, and storing the encrypted cipher plaintext. The server encrypts the password plaintext before storing the password plaintext and then stores the encrypted password plaintext, so that the password storage safety is improved, and external application is prevented from illegally obtaining the password plaintext through the server.
Based on the foregoing embodiments, the present invention further provides a terminal, where the terminal may include a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the steps of the password transmission method according to any of the foregoing embodiments are implemented.
Based on the foregoing embodiments, the present invention further provides a server, where the server may include a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the steps of the password transmission method according to any of the foregoing embodiments are implemented.
Based on the foregoing embodiments, the present invention further provides a readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the password transmission method according to any of the foregoing embodiments.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A password transmission method is applied to a client, and comprises the following steps:
when a user inputs a password, acquiring a character currently input by the user;
encrypting the characters currently input by the user by adopting an SM4 algorithm and a stored communication key to generate a character password array corresponding to the characters;
when the password input is finished, encrypting the character password array by adopting an SM2 algorithm and a stored communication public key to obtain a ciphertext;
and sending the ciphertext to a server.
2. The password transmission method according to claim 1, wherein said step of obtaining the character currently input by the user when the user inputs the password is preceded by:
establishing a user session with a server;
receiving and storing a communication secret key sent by a server;
associating the communication key with the user session to encrypt session data with the communication key during the user session.
3. The method of cryptographic transmission of claim 1, wherein the step of sending the ciphertext to a server further comprises:
after the client disconnects the session with the server, deleting the association relationship between the user session and the communication secret key;
deleting the stored communication key.
4. The method for password transmission according to claim 1, wherein the character password array comprises a plurality of character passwords, and the step of encrypting the character password array to obtain a ciphertext by using the SM2 algorithm and the stored communication public key when the password input is completed comprises:
combining the character password arrays corresponding to the characters to obtain a password character string;
and encrypting the password character string by adopting an SM2 algorithm and a stored communication public key to obtain the ciphertext.
5. A password transmission method is applied to a server, and comprises the following steps:
after receiving the ciphertext sent by the client, decrypting the ciphertext by adopting an SM2 algorithm and a communication private key to obtain a password character string;
splitting the password character string into a plurality of character password arrays;
decrypting each character password array by using an SM4 algorithm and a communication key associated with the user session to obtain password characters;
and splicing the password characters according to the sequence of the character password array to obtain the password plaintext.
6. The password transmission method according to claim 5, wherein after receiving the ciphertext sent by the client, before the step of decrypting the ciphertext by using the SM2 algorithm and the communication private key to obtain the password string, the password transmission method further comprises:
generating a communication secret key when establishing a user session with a client;
saving the generated communication secret key;
and sending the communication secret key to the client.
7. The method for password transmission according to claim 5, wherein after the step of splicing the password characters according to the sequence of the character password array to obtain the password plaintext, the method further comprises:
acquiring a pre-stored communication secret key;
and encrypting the decrypted cipher plaintext by using an SM3 algorithm and the communication key, and storing the encrypted cipher plaintext.
8. A terminal, characterized in that the terminal comprises a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the cryptographic transmission method of any one of claims 1 to 4.
9. A server, characterized in that the server comprises a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the cryptographic transmission method of any one of claims 5 to 7.
10. A readable storage medium, having stored thereon a computer program which, when executed by a processor, carries out the steps of the cryptographic transmission method of any one of claims 1 to 7.
CN202011435574.3A 2020-12-09 2020-12-09 Password transmission method, terminal, server and readable storage medium Pending CN112637140A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011435574.3A CN112637140A (en) 2020-12-09 2020-12-09 Password transmission method, terminal, server and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011435574.3A CN112637140A (en) 2020-12-09 2020-12-09 Password transmission method, terminal, server and readable storage medium

Publications (1)

Publication Number Publication Date
CN112637140A true CN112637140A (en) 2021-04-09

Family

ID=75309381

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011435574.3A Pending CN112637140A (en) 2020-12-09 2020-12-09 Password transmission method, terminal, server and readable storage medium

Country Status (1)

Country Link
CN (1) CN112637140A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113505364A (en) * 2021-09-09 2021-10-15 飞天诚信科技股份有限公司 Password protection method, electronic device and computer-readable storage medium
CN115022057A (en) * 2022-06-13 2022-09-06 中信百信银行股份有限公司 Security authentication method, device and equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106506158A (en) * 2016-12-29 2017-03-15 上海众人网络安全技术有限公司 A kind of encryption method and system based on whitepack
CN106712946A (en) * 2017-02-07 2017-05-24 上海瀚银信息技术有限公司 Data secure transmission method
CN107566324A (en) * 2016-06-30 2018-01-09 南京中兴新软件有限责任公司 Encryption method, decryption method and device
US20180198606A1 (en) * 2015-02-13 2018-07-12 Eric Le Saint Confidential communication management
CN110784480A (en) * 2019-11-01 2020-02-11 华云数据有限公司 Data transmission method, system, equipment and storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180198606A1 (en) * 2015-02-13 2018-07-12 Eric Le Saint Confidential communication management
CN107566324A (en) * 2016-06-30 2018-01-09 南京中兴新软件有限责任公司 Encryption method, decryption method and device
CN106506158A (en) * 2016-12-29 2017-03-15 上海众人网络安全技术有限公司 A kind of encryption method and system based on whitepack
CN106712946A (en) * 2017-02-07 2017-05-24 上海瀚银信息技术有限公司 Data secure transmission method
CN110784480A (en) * 2019-11-01 2020-02-11 华云数据有限公司 Data transmission method, system, equipment and storage medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113505364A (en) * 2021-09-09 2021-10-15 飞天诚信科技股份有限公司 Password protection method, electronic device and computer-readable storage medium
CN113505364B (en) * 2021-09-09 2021-11-30 飞天诚信科技股份有限公司 Password protection method, electronic device and computer-readable storage medium
CN115022057A (en) * 2022-06-13 2022-09-06 中信百信银行股份有限公司 Security authentication method, device and equipment and storage medium

Similar Documents

Publication Publication Date Title
CN107294937B (en) Data transmission method based on network communication, client and server
US8059818B2 (en) Accessing protected data on network storage from multiple devices
US20040103325A1 (en) Authenticated remote PIN unblock
CN106788989B (en) Method and equipment for establishing secure encrypted channel
CN111935712A (en) Data transmission method, system and medium based on NB-IoT communication
US7913096B2 (en) Method and system for the cipher key controlled exploitation of data resources, related network and computer program products
CN113992346B (en) Implementation method of security cloud desktop based on national security reinforcement
JP2022117456A (en) Message transmission system with hardware security module
CN112637140A (en) Password transmission method, terminal, server and readable storage medium
CN108737087B (en) Protection method for mailbox account password and computer readable storage medium
CN114173294A (en) Non-peer-to-peer short message transmission method, system, equipment and computer storage medium
TW200803392A (en) Method, device, server arrangement, system and computer program products for securely storing data in a portable device
CN107493281A (en) encryption communication method and device
CN114785527B (en) Data transmission method, device, equipment and storage medium
JP4615128B2 (en) Voice and data encryption method using encryption key split combiner
CN111488570A (en) Authentication method and authentication system
KR101329789B1 (en) Encryption Method of Database of Mobile Communication Device
CN114297597B (en) Account management method, system, equipment and computer readable storage medium
CN114554485B (en) Asynchronous session key negotiation and application method, system, electronic equipment and medium
US8666073B2 (en) Safe handover method and system
JP2004274134A (en) Communication method, communication system using the communication method, server and client
CN113507435A (en) Data transmission method and system
CN112995210A (en) Data transmission method and device and electronic equipment
CN112398818A (en) Software activation method and related device thereof
CN112751858B (en) Data encryption communication terminal method, device, terminal, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210409

RJ01 Rejection of invention patent application after publication