Method for protecting website password of user

A website password technology, applied in the field of protecting user website passwords. It addresses the problems of password management software, such as passwords that are difficult for users to remember and users being unable to log in to a website when the software is not at hand or its data is corrupted, and provides a high-strength password protection scheme that prevents leakage and protects account and asset safety.

Inactive Publication Date: 2017-01-11
成都知道创宇信息技术有限公司

AI Technical Summary

Problems solved by technology

Password management software has several obvious disadvantages: 1. Passwords are randomly generated and therefore difficult for users to remember, especially with a large number of website accounts; once the software is unavailable (for example, not at hand or its data is damaged), users cannot log in to the website. 2. It is inconvenient to use: when logging in, the user must open the password management software to look up the password.


Embodiment Construction

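[0017] The specific implementation steps of the invention are:

[0018] 1. On every page where the user must enter a password, the website includes a JavaScript script file through the HTML <script> tag. The script file provides one function for the page to call, named encrypt_password.

[0019] 2. Inside the <form> element that contains the password input box, a hidden <input> tag specifies the names of the form's username input box and password input box, together with an ID defined by the website. The website-defined ID distinguishes this website from others and can be the website's domain name, for example "www.example.com".

[0020] 3. After the user enters the password and clicks the "Submit" button, the page calls the encrypt_password function before submitting the form data to the website server.

[0021] 4. The encrypt_password function reads the username and password entered by the user in the form and the website ID specified by the website.

[0022] 5. The encrypt_password function uses a one-way algorithm (for example HMAC, the Hash-based Message Authentication Code, a keyed hash message authentication code) to convert the username, password and website ID into a complex password, and replaces the user-entered password in the password input box with this password.

[0023] 6. The data (form data including the username and the replaced password) is submitted to the website server. For an account registration, the website stores the account information in its database; for a user login, the website compares the submitted password with the password stored in the database and determines whether they match.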

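[0024] Within the encrypt_password function in the JavaScript code, the computational cost of the one-way algorithm can be increased, for example by repeating the one-way transformation tens of thousands of times, which makes credential stuffing harder for an attacker. Taking the HMAC algorithm as an example:

[0025] 1) new_password=HMAC(username+old_password,ID)

[0026] 2) old_password=new_password

[0027] 3) If the number of iterations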
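
The iterated derivation in steps 1) to 3), as an added example that is not code from the patent. The function name encrypt_password comes from the page; HMAC-SHA256, the website ID as the HMAC key, hex output, the round count of 20000, and the use of Node's crypto module instead of a browser script are assumptions.

```javascript
// Added example (not the patent's own code): the iterated HMAC derivation
// from steps [0025]-[0027], using Node's built-in crypto module.
const { createHmac } = require('crypto');

// Assumptions: HMAC-SHA256, site ID as the HMAC key, hex output,
// and a fixed round count; the page fixes none of these.
const DEFAULT_ROUNDS = 20000;

function encrypt_password(username, password, siteId, rounds = DEFAULT_ROUNDS) {
  if (!username || !password || !siteId) {
    throw new Error('username, password and siteId are all required');
  }
  if (!Number.isInteger(rounds) || rounds < 1) {
    throw new Error('rounds must be a positive integer');
  }
  let oldPassword = password;
  for (let i = 0; i < rounds; i++) {
    // 1) new_password = HMAC(username + old_password, ID)
    const newPassword = createHmac('sha256', siteId)
      .update(username + oldPassword, 'utf8')
      .digest('hex');
    // 2) old_password = new_password
    oldPassword = newPassword;
  }
  return oldPassword; // value that replaces the typed password in the form
}

// Constructed sample: one user reusing one password on two sites.
function demo() {
  const user = 'alice';
  const typed = 'correct horse battery staple';
  const siteA = encrypt_password(user, typed, 'www.example.com');
  const siteB = encrypt_password(user, typed, 'www.example.org');
  return {
    siteA,
    siteB,
    // Registration and later login on the same site derive the same value.
    loginMatches: siteA === encrypt_password(user, typed, 'www.example.com'),
    // A value leaked from site A does not match what site B stores.
    reusableAcrossSites: siteA === siteB,
  };
}
```

The server only ever sees the derived value, so for that one site it is the login credential; it should still be stored with a salted password hash rather than as received.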


Abstract

The invention discloses a method for protecting the website password of a user. The method comprises the following steps: on the page where the user inputs the password, the website includes a JavaScript script file through the HTML <script> tag; in the <form> element that contains the password input box, a hidden <input> element designates the names of the username input box and the password input box in the form and a website-defined ID; after the user inputs the password and clicks Submit, the page calls a function before the form data is submitted to the web server; the function converts the username, the password and the website ID into a complex password via a one-way algorithm and replaces the input password with it; the data is submitted to the web server. According to the method, a high-strength password protection scheme is achieved without affecting user experience at all, the risks of user account leakage and credential stuffing are effectively avoided, and user account and asset safety is protected.

Description

Technical field

[0001] The invention relates to the field of website password protection, in particular to a method for protecting user website passwords.

Background technique

[0002] In recent years, large-scale user account leaks caused by website databases being dumped have intensified, for example the recent leaks of 60 million Dropbox accounts and 500 million Yahoo accounts. Website users can do nothing about this and can only hope that the website takes good security precautions to avoid leaks. However, no website is 100% secure, and any website is at risk of account compromise. Once an account is leaked, because most users are used to using the same account / password on different websites, the user's accounts on all websites face the risk of credential stuffing (if the user's accounts on two websites A and B are the same, the hacker can successfully log in to website B, which is called successful credential stuffing), and there have been many cases of actual economic ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L9/06
CPC: H04L63/083, H04L9/0631, H04L63/0428
Inventor: 刘光旭
Owner: 成都知道创宇信息技术有限公司