Summary of the invention
In order to solve above-mentioned technical problem, the invention provides a kind of cipher set-up method and device.
According to an aspect of the present invention, provide a kind of cipher set-up method, including: search, according to the corresponding relation pre-set, the Password Policy group that user belongs to, wherein, described corresponding relation is the corresponding relation for indicating the Password Policy group corresponding to described user, and described Password Policy group corresponds to one or more users;Password Policy group indicated by lookup result is the Password Policy that user setup is corresponding with described Password Policy group.
Preferably, described corresponding relation is pre-set in the following manner: obtain the Password Policy grade that described user needs;Assign the user in the Password Policy group corresponding with described Password Policy grade according to described Password Policy grade.
Preferably, after assigning the user in the Password Policy group corresponding with described Password Policy grade according to described Password Policy grade, also include: the Password Policy that the Password Policy group that described Password Policy grade is corresponding is adopted is modified;According to amended Password Policy to amended Password Policy described in the user setup in described Password Policy group.
Preferably, described Password Policy includes at least one of: content that the length of described password, described password comprise and described user are in the specified rule using described password to adopt.
Preferably, described specified rule includes at least one of: whether pre-set that all user ciphers in information system are identical, allow described user to revise described password, whether user forces described user to revise described password after logging in first, the effective time of described password, the given number of days before described effective time reaches point out described in described user that password is expired, allow the number of times of the continuous input error of described password, whether carry out password locking after inputting described code error.
According to another aspect of the present invention, additionally provide a kind of password setting device, including: search module, for searching, according to the corresponding relation pre-set, the Password Policy group that user belongs to, wherein, described corresponding relation is the corresponding relation for indicating the Password Policy group corresponding to described user, and described Password Policy group corresponds to one or more users;First arranges module, is the user setup Password Policy corresponding with described Password Policy group for Password Policy group indicated by lookup result.
Preferably, described device, also include, second arranges module, is used for arranging described corresponding relation, and wherein, described second arranges module, including: acquiring unit, for obtaining the Password Policy grade that described user needs;Allocation units, for assigning the user in the Password Policy group corresponding with described Password Policy grade according to described Password Policy grade.
Preferably, also include: modified module, modify for the Password Policy that the Password Policy group that described Password Policy grade is corresponding is adopted;3rd arranges module, is used for according to amended Password Policy amended Password Policy described in the user setup in described Password Policy group.
Preferably, the described first described Password Policy arranging module setting includes at least one of: the content that the length of described password, described password comprise, described user is in the specified rule using described password to adopt.
Preferably, described first the described specified rule that module arranges is set includes at least one of: whether all user ciphers pre-setting in information system are identical, allow described user to revise described password, whether user forces described user to revise described password after logging in first, the effective time of described password, the given number of days before described effective time reaches point out described in described user that password is expired, allow the number of times of the continuous input error of described password, whether carry out password locking after inputting described code error.
Pass through the present invention, adopt and user is allocated in advance to different Password Policy groups, and according to the technological means that the Password Policy of user is configured by the strategy that different Password Policy groups is corresponding, solve in correlation technique, for the problem that the user cipher strategy being in same information system is excessively single, it is possible to the different grades of user cipher strategy of different grades of user setup.
Detailed description of the invention
Below with reference to accompanying drawing and describe the present invention in detail in conjunction with the embodiments.It should be noted that when not conflicting, the embodiment in the application and the feature in embodiment can be mutually combined.
Other features and advantages of the present invention will be set forth in the following description, and, partly become apparent from description, or understand by implementing the present invention.The purpose of the present invention and other advantages can be realized by structure specifically noted in the description write, claims and accompanying drawing and be obtained.
In order to make those skilled in the art be more fully understood that the present invention program, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the embodiment of a present invention part, rather than whole embodiments.Based on the embodiment in the present invention, the every other embodiment that those of ordinary skill in the art obtain under not making creative work premise, all should belong to the scope of protection of the invention.
In order to solve above-mentioned technical problem, providing a kind of cipher set-up method in the present embodiment, Fig. 1 is the flow chart of cipher set-up method according to embodiments of the present invention, as it is shown in figure 1, comprise the following steps:
Step S102, searches, according to the corresponding relation pre-set, the Password Policy group that user belongs to, and wherein, above-mentioned corresponding relation is the corresponding relation for indicating the Password Policy group corresponding to above-mentioned user, and above-mentioned Password Policy group corresponds to one or more users;
Step S104, the Password Policy group indicated by lookup result is the Password Policy that user setup is corresponding with above-mentioned Password Policy group.
By each step above-mentioned; adopt and user is allocated in advance to different Password Policy groups; and according to the technological means that the Password Policy of user is configured by the strategy that different Password Policy groups is corresponding; solve in correlation technique; for the problem that the user cipher strategy being in same information system is excessively single; can to the different grades of user cipher strategy of different grades of user setup, and then the data preserved that can be effectively protected in information system different user.
Set-up mode for the user in above-mentioned steps S102 Yu the corresponding relation of Password Policy group actually has a lot of mode, it is alternatively possible to be accomplished by: obtain the Password Policy grade that above-mentioned user needs;According to above-mentioned Password Policy grade, above-mentioned user is assigned in the Password Policy group corresponding with above-mentioned Password Policy grade, that is, the cryptographic levels required for user in acquisition information system can be passed through, search which Password Policy group to should cryptographic levels, user is distributed to this Password Policy group, and then the Password Policy of user is configured.
Certainly, in specific implementation process, if by user's distribution to corresponding Password Policy group, if the Password Policy required for the one or more users in Password Policy all needs to change, it is also possible to perform techniques below scheme: the Password Policy that the Password Policy group that above-mentioned Password Policy grade is corresponding is adopted is modified;According to amended Password Policy to the above-mentioned amended Password Policy of the user setup in above-mentioned Password Policy group.
In embodiments of the present invention, the Password Policy that can include for Password Policy group can include at least one of: the length of above-mentioned password, content that above-mentioned password comprises and above-mentioned user are in the specified rule using above-mentioned password to adopt, wherein, specified rule includes at least one of: pre-set all user ciphers in information system identical, above-mentioned user whether is allowed to revise above-mentioned password, whether user forces above-mentioned user to revise above-mentioned password after logging in first, the effective time of above-mentioned password, the given number of days prompting above-mentioned password of above-mentioned user before above-mentioned effective time reaches is expired, allow the number of times of the continuous input error of above-mentioned password, whether password locking is carried out after inputting above-mentioned code error.
In sum, the technical scheme of the above-mentioned offer of the embodiment of the present invention is provided, user cipher is configured by the form of Password Policy, for the different grades of Password Policy of different grades of user setup, then the user setup of different safety class is become corresponding Password Policy.So different users, the class requirement of its password can be revised by Password Policy rules modification, maintainability and the adaptability of such system have also been obtained raising, allow the operation that system can be safer, reduce the chance that password is hypothesized, thus reducing system loss, it is achieved that simple configuration can be passed through, the configuration of Password Policy can be completed.Making to use different grades of strategy for the user of different safety class, improve the safety of system, it is more flexible and easy-to-use that system is run.
In order to be better understood from above-mentioned Password Policy, illustrate below in conjunction with an example, but be not used in the protection domain limiting the embodiment of the present invention:
1, user's whether default policy: including: be, no two options, selection is, then password default policy when this strategy is increase user in Password Policy group, it is of course also possible to it is tactful to may select other by Password Policy combobox;
2, the minimum of password arranges length: the minimum length figure place of typing password, after definition, when arranging user cipher, Password Length can not less than minimum length value, such as, if being provided with password minimum length is 6 figure places, then the Password Length of user setup, all can not lower than 6 bit digital regardless of complexity;
3, password must comprise letter and number: including: is, no two options, when selection must comprise letter and number, then the user cipher of setting must comprise letter and number, does not otherwise allow to preserve;When selecting no, the user cipher of setting can not comprise letter and number, and the complexity of password is mainly configured by this part, because if comprise letter and number simultaneously, owing to including more kinds of possibility, then the probability that password is decrypted is relatively small.
4, strategy presetting cipher: whether comprise the password default of the self-defined user of alphanumeric rule according to password minimum length and password, such as: password minimum length is 6, password can not comprise numeral and letter, presetting cipher strategy is customized for 666666, then newly-increased all users are when using this strategy, password is all 666666, generally there is multiple new users login again simultaneously in information system in this situation, and, user must change again the situation of password when first logging into, adopt the workload reducing attendant that this technical scheme can be relative.
5, allow Modify password: including: be, no two options, select "Yes" then to allow user's Modify password;"No" is selected then not allow user's Modify password.
6, first logging into must Modify password: including: be, no two options, and selecting "Yes" then user to first log into must Modify password;Selecting "No" then to first log into without Modify password, this technical scheme often uses with the combination of such scheme 4.
7, password is forever effective: including: be, no two options, and the password selecting "Yes" then user setup is forever effective, and " the effective natural law of password ", " expired prompting natural law " put ash automatically;Selecting "No" then to need to arrange the effect duration of password, crossing after date can not log in.
8, the effective natural law of password: if password is forever effectively chosen as "No", then need to arrange effective natural law of password.After exceeding effective natural law, password is automatically expired.
9, expired prompting natural law: arrange cryptographic validity countdown, namely carried out down meter natural law prompting before effect duration, and in actual use, system would generally remind user to revise current password each preset break time (being such as three months).
10, code error locking: including: be, no two options, when selecting "Yes" then to exceed code error number of times, system is automatically by password locking;When selecting "No" then to exceed code error number of times, password is not locked.
11, continuous cipher errors number: arrange the number of times of continuous input error password, uses together with locking with code error.
For the Password Policy of above-mentioned 1-11, in actual applications, as shown in following table one
Table one
It should be noted that, for aforesaid each embodiment of the method, in order to be briefly described, therefore it is all expressed as a series of combination of actions, but those skilled in the art should know, the present invention is not by the restriction of described sequence of movement, because according to the present invention, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, embodiment described in this description belongs to preferred embodiment, and involved action and module are not necessarily essential to the invention.
Additionally provide a kind of password setting device in the present embodiment, be used for realizing above-described embodiment and preferred implementation, had be carried out repeating no more of explanation, and below the module related in this device was illustrated.As used below, term " module " can realize the software of predetermined function and/or the combination of hardware.Although the device described by following example preferably realizes with software, but hardware, or the realization of the combination of software and hardware is also likely to and is contemplated.Fig. 2 is the structured flowchart of password setting device according to embodiments of the present invention.As it is shown on figure 3, this device includes:
Search module 20, for searching, according to the corresponding relation pre-set, the Password Policy group that user belongs to, wherein, above-mentioned corresponding relation is the corresponding relation for indicating the Password Policy group corresponding to above-mentioned user, and above-mentioned Password Policy group corresponds to one or more users;
First arranges module 22, is connected with searching module 20, is the user setup Password Policy corresponding with above-mentioned Password Policy group for Password Policy group indicated by lookup result.
Integrated application by above-mentioned modules; adopt and user is allocated in advance to different Password Policy groups; and according to the technological means that the Password Policy of user is configured by the strategy that different Password Policy groups is corresponding; solve in correlation technique; for the problem that the user cipher strategy being in same information system is excessively single; can to the different grades of user cipher strategy of different grades of user setup, and then the data preserved that can be effectively protected in information system different user.
For searching the corresponding relation in module 20, it is possible to arrange, by second, the following functions module that module 24 includes and realize: second arranges module 24, including: acquiring unit 240, for obtaining the Password Policy grade that above-mentioned user needs;Allocation units 242, are connected with acquisition module 240, for above-mentioned user being assigned in the Password Policy group corresponding with above-mentioned Password Policy grade according to above-mentioned Password Policy grade.
In actual applications, in order to expansion cipher arranges the range of application of device, said apparatus also includes: modified module 26, modifies for the Password Policy that the Password Policy group that above-mentioned Password Policy grade is corresponding is adopted;3rd arranges module 28, is connected with modified module 26, is used for according to amended Password Policy the above-mentioned amended Password Policy of the user setup in above-mentioned Password Policy group.
It should be noted that, the first above-mentioned Password Policy arranging module 22 setting includes at least one of: the length of above-mentioned password, the content that above-mentioned password comprises, above-mentioned user is in the specified rule using above-mentioned password to adopt, wherein, specified rule includes at least one of: pre-set all user ciphers in information system identical, above-mentioned user whether is allowed to revise above-mentioned password, whether user forces above-mentioned user to revise above-mentioned password after logging in first, the effective time of above-mentioned password, the given number of days prompting above-mentioned password of above-mentioned user before above-mentioned effective time reaches is expired, allow the number of times of the continuous input error of above-mentioned password, whether password locking is carried out after inputting above-mentioned code error.
It addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, it is also possible to be that unit is individually physically present, it is also possible to two or more unit are integrated in a unit.Above-mentioned integrated unit both can adopt the form of hardware to realize, it would however also be possible to employ the form of SFU software functional unit realizes.
Based on the password Provisioning Policy of such scheme 1-11, shown in the following example of technical scheme in actual applications:
By arranging password, must to comprise letter and number be yes, it is ensured that the complexity of password, reduces the possibility that the commonly used simple password of certain customers is compromised;Adding User of system different safety class, it is possible to distinguish initial password by Provisioning Policy presetting cipher and arrange;It is no that Password Policy for demonstrating user can select to allow Modify password, thus forbidding anyone Modify password, causes demo system cannot be introduced into;Must Modify password be, while system is provided with presetting cipher to Adding User, force to allow the user logged in revise its initial password, thus reaching the grade of user cipher by arranging to first log into;Being effectively forever no as arranged password, and have selected cryptographic validity, this can control the temporary account of a collection of user, and after waiting the date to cross, password is just invalid, and then these temporary account also just cannot log in;Code error locking is configured as, and when being provided with continuous cipher errors number, time the continuous cipher errors number that number of times reaches setting inputed by mistake by password, can user be locked, it is to avoid because some people's malice conjecture password causes damage.Can also reducing the possibility that password is hypothesized, arrange number of times more little, the probability that password is guessd out is more little, thus improving security of system.
After setting Password Policy, time user logs in, flow process is as shown in Figure 4, comprises the following steps:
Step S402, user starts to log in;
Step S404, whether verification password is by verifying, if it is not, then go to step S408, if it is, go to step S406;
Step S406, by after judge whether again to log in first, if not being log in first, go to step S410, normally enter system, if it is, go to step S412;
Step S408, as user takes in code error, verifies continuous input error number of times, beyond after the number of times that Password Policy is arranged, will go to step S410, and user locks, and flow process terminates, and this user must flow through after manager unlocks and just can log in, if it is not, then go to step S414;
Step S410, flow process terminates;
Step S412, logs in first and is provided with and log in mandatory modification password first, then jump directly to step S416, without mandatory modification password, then go to step S410;
Step S414, misregistration number of times;
Step S416, Modify password function, user inputs new password, confirms amendment;
Step S418, now the password composition form according to strategy setting verifies, and not by needing user to re-enter password, as passed through then to go to step S410, password is successfully modified, jumps to main interface, and checking flow process terminates, if do not passed through, then goes to step S416.
If the integrated unit in above-described embodiment is using the form realization of SFU software functional unit and as independent production marketing or use, it is possible to be stored in the storage medium that above computer can read.Based on such understanding, part or all or part of of this technical scheme that prior art is contributed by technical scheme substantially in other words can embody with the form of software product, this computer software product is stored in storage medium, including some instructions with so that one or more computer equipment (can for personal computer, server or the network equipment etc.) performs all or part of step of method described in each embodiment of the present invention.
In the above embodiment of the present invention, the description of each embodiment is all emphasized particularly on different fields, certain embodiment there is no the part described in detail, it is possible to referring to the associated description of other embodiments.
In sum, the embodiment of the present invention has reached techniques below effect: improve the maintainability of system and adaptability, allows the operation that system can be safer, reduce the chance that password is hypothesized, thus reducing system loss, it is achieved that simple configuration can be passed through, the configuration of Password Policy can be completed.Making to use different grades of strategy for the user of different safety class, improve the safety of system, it is more flexible and easy-to-use that system is run.
In another embodiment, additionally providing a kind of software, this software is for performing the technical scheme described in above-described embodiment and preferred implementation.
In another embodiment, additionally providing a kind of storage medium, in this storage medium, storage has above-mentioned software, and this storage medium includes but not limited to: CD, floppy disk, hard disk, scratch pad memory etc..
It should be noted that term " first " in description and claims of this specification and above-mentioned accompanying drawing, " second " etc. are for distinguishing similar object, without being used for describing specific order or precedence.Should be appreciated that the object of so use can exchange in the appropriate case, in order to embodiments of the invention described herein can with except here diagram or describe those except order implement.In addition, term " includes " and " having " and their any deformation, it is intended to cover non-exclusive comprising, such as, contain series of steps or the process of unit, method, system, product or equipment be not necessarily limited to those steps or the unit clearly listed, but can include clearly not listing or for intrinsic other step of these processes, method, product or equipment or unit.
Obviously, those skilled in the art should be understood that, each module of the above-mentioned present invention or each step can realize with general calculation element, they can concentrate on single calculation element, or it is distributed on the network that multiple calculation element forms, alternatively, they can realize with the executable program code of calculation element, thus, can be stored in storage device is performed by calculation element, and in some cases, shown or described step can be performed with the order being different from herein, or they are fabricated to respectively each integrated circuit modules, or the multiple modules in them or step are fabricated to single integrated circuit module realize.So, the present invention is not restricted to the combination of any specific hardware and software.
The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, for a person skilled in the art, the present invention can have various modifications and variations.All within the spirit and principles in the present invention, any amendment of making, equivalent replacement, improvement etc., should be included within protection scope of the present invention.