[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN101102192A - Authentication device, method and system - Google Patents

Authentication device, method and system Download PDF

Info

Publication number
CN101102192A
CN101102192A CNA2007101192047A CN200710119204A CN101102192A CN 101102192 A CN101102192 A CN 101102192A CN A2007101192047 A CNA2007101192047 A CN A2007101192047A CN 200710119204 A CN200710119204 A CN 200710119204A CN 101102192 A CN101102192 A CN 101102192A
Authority
CN
China
Prior art keywords
module
password
authenticating device
authenticate password
authenticate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2007101192047A
Other languages
Chinese (zh)
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Feitian Technologies Co Ltd
Original Assignee
Beijing Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Feitian Technologies Co Ltd filed Critical Beijing Feitian Technologies Co Ltd
Priority to CNA2007101192047A priority Critical patent/CN101102192A/en
Publication of CN101102192A publication Critical patent/CN101102192A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The apparatus thereof comprises: a memory module, a trigger module, an acquisition module, a delete module, a control module and a power module. The method comprises: the authentication device selects the authentication password from the pre-saved authentication passwords as the authentication code, and deletes the selected authentication password from the pre-saved authentication passwords; the client side sends the received user's ID and authentication code to the serving side; the serving side comparing the authentication code with the authentication password, if they are matching, then the authentication is passed; otherwise, the authentication. The system thereof comprises: authentication device, client side and serving side.

Description

Authenticating device, method and system
Technical field
The present invention relates to information security field, particularly a kind of authenticating device, method and system.
Background technology
In recent years, the fast development of network and the very big facility that provides thereof make the increasing dependency network means of people carry out comings and goings, comprise identification, Web bank and VPN (Virtual Private Network, VPN (virtual private network) is called virtual private net again) etc.
Correspondingly, the network information security also more and more causes people's attention, has occurred a kind of safety information product in the last few years, i.e. the hardware device of a kind of portable removable use, being commonly referred to as information safety devices, is a kind of small hardware equipment that has processor and memory.Information safety devices connects by the data communication interface and the main frame of main frame, processor in the equipment generally can adopt the Safety Design chip, utilize its inside security mechanism, realize that key generates, secret key safety storage and preset function such as cryptographic algorithm, the computing relevant with key is fully in the inner execution of information safety devices, information safety devices has anti-characteristic of attacking simultaneously, and fail safe is very high.Because the above-mentioned advantage of information safety devices is admittedly can be applied in it fields such as authentication, Web bank and VPN.
Above-mentioned Safety Design chip is except the various characteristics with general-purpose built-in type microcontroller, and more outstanding characteristic is to show the security performance aspect.The Safety Design chip can structurally be done some special processings aspect security performance when chip design, such as, the Safety Design chip can adopt specific security kernel, this security kernel can be supported a plurality of states that have different rights definition, is used to realize the management to the hardware resource access rights; Support the randomization of time for each instruction (instruction cycle); The interrupt system of Safety Design chip can the supporting chip state conversion, thereby realize control to the level of security of different levels, to support the realizations of using more; The Safety Design chip can also have MMU (Memory Management Unit, Memory Management Unit), be used to realize the isolation and the map addresses of logical address, physical address, the design of using (use), fail safe from architecture support realizes more, organically forms a hardware firewall with the different conditions of kernel support; The interrupt system of Safety Design chip can also the back-up system database and interface and the transfer of right and the switching of user program; The storage medium aspect of Safety Design chip can adopt non-volatile memory medium etc.The Safety Design chip generally all requires to meet relevant standard and by the authentication of being correlated with etc. to guarantee its security performance, such as TCG (Trusted Computing Group, credible computation organization) TPM (Trusted Platform Module, credible platform module) v1.2 standard, ISO (Intemational StandardizeOrganization, International Standards Organization) 15408 international standards or Chinese Password Management committee standard etc.There are a lot of money Safety Design chips available at present on the market, the ST19WP18 microcontroller of STMicw Electronics wherein, ensured the authentication of level EAL5+ (enhanced edition) by " public standard " assessment, this is the ISO15408 international standard about one of highest standard of this series products.The Safety Design chip comprises intelligent card chip.
Network crime case is more and more at present, entangles its reason, and the key link also is employed authentication method.The most frequently used method is " static password " authentication method at present, so-called " static password " authentication method refers to that the data that are used for authenticating are static, employed password is constant during promptly each the authentication, so the authenticate password of " static password " authentication method is easy to be intercepted and captured by technology such as internal memory scanning or network monitorings, has basic potential safety hazard.Modal " static password " authentication method has " usemame/password " authentication method, and IC-card authentication method (by read the method that authenticate password authenticates from IC-card) etc.
The dynamic password technology is also being risen at present, and the dynamic password technology is that a kind of authenticate password that allows changes the only expendable technology of each password according to the continuous dynamic change of time/incident.The dynamic password technology adopts a kind of special hardware to realize, is also referred to as information safety devices, and its structure is generally at the built-in password of information safety devices and generates chip, power supply and display screen, and generating built-in chip type at password has special password generating algorithm.In realizing process of the present invention, the inventor finds that there are the following problems at least in the prior art:
1) the built-in a kind of password of information safety devices generates chip, generates built-in special password generating algorithm in the chip at password, is used for generating dynamic password by described algorithm when the user authenticates at every turn, so the typical hardware cost can be than higher;
2) for utilizing time factor dynamically to produce the information safety devices of authenticate password; have during realization technological difficulties are exactly how information safety devices realizes time synchronized with service end; to such an extent as to because exist because the phenomenon of validated user authentification failure appears in the asynchronism(-nization) step through regular meeting, there is certain unsteadiness in the information safety devices that promptly utilizes time factor dynamically to produce authenticate password.
3) dynamically produce the information safety devices of authenticate password for the incident factor of utilization, equally also having a problem during realization is exactly the situation of the asynchronous validated user authentification failure that causes of metering.For example, because when the user presses misoperation such as button because of carelessness, the authenticate password of pressing the button generation does not authenticate in service end, thereby make in the information safety devices inconsistent with the incident factor of service end, to such an extent as to when authenticate next time because in the information safety devices and service end to be used to produce the dynamic operation factor that authenticate password adopts be that the incident factor is inconsistent, the authenticate password that the two ends that cause generate is inconsistent, thereby validated user can not successfully be logined the authentication failure.
Summary of the invention
In order to save production cost, improve the stability of authenticating device, the invention provides a kind of authenticating device, method and system.
Described technical scheme is as follows:
The invention provides a kind of authenticating device, described authenticating device specifically comprises memory module, trigger module, acquisition module, display module, removing module, control module and power module:
Described memory module links to each other with described control module, is used to store one group of authenticate password;
Described trigger module links to each other with described control module, is used to produce triggering signal;
Described acquisition module links to each other with described control module, is used for obtaining an authenticate password from described memory module under the control of described control module, as authentication code;
Described display module links to each other with described control module, is used for showing under the control of described control module the authentication code that described acquisition module obtains;
Described removing module links to each other with memory module with described control module, is used for after described acquisition module obtains authenticate password from described memory module the authenticate password that deletion is obtained from described memory module under the control of described control module;
Described control module is used for after the triggering signal that detects described trigger module generation, control described acquisition module and from described memory module, obtain an authenticate password as authentication code, control described display module and show described authentication code, and control described removing module and from described memory module, delete the described authenticate password that obtains;
Described power module links to each other with described memory module, acquisition module, display module, removing module and control module, is used to described authenticating device that working power is provided.
Described memory module is a memory device.
Described memory device is flash memory, hard disk or smart card.
Described trigger module is button or switch.
Described acquisition module specifically comprises:
Acquiring unit is used for obtaining an authenticate password at random from described memory module, as authentication code at random.
Described acquisition module specifically comprises:
The rule acquiring unit is used for obtaining an authenticate password according to default rule from described memory module, as authentication code.
Described acquisition module specifically comprises:
Converter unit is used for the authenticate password that obtains from described memory module is carried out conversion, with the authenticate password after the conversion as authentication code.
In described memory module, acquisition module and the removing module at least one and described control module are integrated in the control chip.
Described display module is light-emitting diode or LCD.
Described authenticating device also comprises:
Security module links to each other with described control module, is used for carrying out safety operation under the control of described control module.
Described security module specifically comprises:
Ciphering unit is used for utilizing cryptographic algorithm that described authenticate password is carried out encryption under the control of described control module when described memory module is stored described authenticate password;
Decrypting device is used for when described acquisition module obtains authenticate password, utilizes the decipherment algorithm corresponding with described cryptographic algorithm that described authenticate password is decrypted processing under the control of described control module;
Correspondingly, described memory module specifically is used to store the authenticate password after the described ciphering unit encryption; Described acquisition module specifically is used to obtain the authenticate password after the described decrypting device decryption processing.
Described security module is the Safety Design chip.
In described memory module, acquisition module, removing module and the control module at least one and described security module are integrated in the chips.
Described authenticating device also comprises:
The standby module links to each other with described control module, is used for when described control module does not detect the triggering signal of described trigger module generation at the appointed time described authenticating device being placed standby mode.
In described memory module, acquisition module, removing module and the standby module at least one and described control module are integrated in the control chip.
In described memory module, acquisition module, removing module, standby module and the control module at least one and described security module are integrated in the chips.
Described chip is the Safety Design chip, and described Safety Design chip comprises intelligent card chip.
Described power module is a battery.
Described authenticating device is key button, hand-hold type or wrist formula portable equipment.
The present invention also provides a kind of authentication method, and one group of authenticate password of storage in authenticating device is stored user ID and the one group checking password corresponding with one group of authenticate password of described authenticating device storage in service end in advance, and described authentication method comprises:
Receive user's triggering signal when described authenticating device after, from the one group of authenticate password that prestores, obtain an authenticate password, and the authenticate password that obtains is deleted from described authenticating device, show described authentication code as authentication code;
Client sends to described service end with described user ID and authentication code after receiving the user ID and described authentication code that the user imports;
Described service end receives described user ID and authentication code, searches the one group of corresponding checking password of the one group of authenticate password that prestores with described authenticating device that prestores according to the described user ID of receiving;
Described service end is compared described authentication code and the described checking password that finds, if comparison unanimity, then authentication success; Otherwise, authentification failure;
Behind the authentication success, the checking password deletion that described service end will be consistent with described authentication code comparison.
The described step of obtaining an authenticate password from the one group of authenticate password that prestores is specially:
From one group of authenticate password that described authenticating device prestores, obtain an authenticate password at random;
Correspondingly, described service end step that described authentication code and described checking password are compared is specially:
Described service end judges in one group of corresponding checking password of the one group of authenticate password that prestores with described authenticating device that finds whether the checking password consistent with described authentication code is arranged, if having, then comparison is consistent; Otherwise, compare inconsistent.
The described step of obtaining an authenticate password from the one group of authenticate password that prestores is specially:
From one group of authenticate password that described authenticating device prestores, obtain an authenticate password according to default rule;
Correspondingly, described service end step that described authentication code and described checking password are compared is specially:
Described service end is obtained a checking password according to described default rule from one group of corresponding checking password of the one group of authenticate password that prestores with described authenticating device that finds, the checking password that described authentication code and described service end are obtained is compared, if identical, then comparison is consistent; Otherwise, compare inconsistent.
Described default rule is specially:
Obtain successively according to the flowing water order, or obtain successively, or obtain successively according to preassigned order according to fixed intervals.
Described step of storing one group of authenticate password in advance in authenticating device specifically comprises:
Utilize the cryptographic algorithm that is stored in the described authenticating device that authenticate password is carried out encryption in advance, the authenticate password after encrypting is stored in the authenticating device;
Correspondingly, describedly from the one group of authenticate password that prestores, obtain an authenticate password and specifically comprise as the step of authentication code:
From the one group of authenticate password that prestores, obtain an authenticate password, utilize to be stored in the authenticate password that decipherment algorithm decryption processing corresponding with described cryptographic algorithm in the described authenticating device is obtained, with the authenticate password after the deciphering as authentication code.
The step of one group of checking password that the one group of authenticate password that prestores at service end storage and described authenticating device is corresponding specifically comprises:
One group of authenticate password storing in the described authenticating device is carried out conversion obtain one group of checking password, store described checking password into service end;
Correspondingly, describedly from the one group of authenticate password that prestores, obtain an authenticate password and specifically comprise as the step of authentication code:
From the one group of authenticate password that prestores, obtain an authenticate password, the authenticate password that obtains carried out described conversion, with the authenticate password after the conversion as authentication code.
Described method also comprises:
When described authenticating device was not received described triggering signal in official hour, described authenticating device entered standby mode.
Described user ID comprises at least one in user's name, the user account number.
The present invention also provides a kind of Verification System, and described system comprises authenticating device, client and service end;
Described authenticating device comprises memory module, trigger module, acquisition module, display module, removing module, control module and power module:
Described memory module links to each other with described control module, is used to store one group of authenticate password;
Described trigger module links to each other with described control module, is used to produce triggering signal;
Described acquisition module links to each other with described control module, is used for obtaining an authenticate password from described memory module under the control of described control module, as authentication code;
Described display module links to each other with described control module, is used for showing under the control of described control module the authentication code that described acquisition module obtains;
Described removing module links to each other with memory module with described control module, is used for after described acquisition module obtains authenticate password from described memory module the authenticate password that deletion is obtained from described memory module under the control of described control module;
Described control module is used for after the triggering signal that detects described trigger module generation, control described acquisition module and from described memory module, obtain an authenticate password as authentication code, control described display module and show described authentication code, and control described removing module and from described memory module, delete the described authenticate password that obtains;
Described power module removes module with described memory module, acquisition module, display module, volume and links to each other with control module, is used to described authenticating device that working power is provided;
Described client comprises:
Input module is used to receive user ID and the described authentication code that the user imports;
Sending module, the user ID and the authentication code that are used for described input module is received are sent to service end;
Described service end comprises:
Preserve module, be used to the corresponding checking password of one group of authenticate password of preserving user ID and storing with described authenticating device;
Receiver module is used to receive user ID and the authentication code that described client sends;
Search module, be used for searching according to the user ID that described receiver module receives that described preservation module preserves with described authenticating device in one group of corresponding checking password of one group of authenticate password of storing;
Comparing module is used for described authentication code that described receiver module is received and describedly searches the checking password that module finds and compare, if comparison is consistent, and authentication success then; Otherwise, authentification failure;
Removing module is used for behind described comparing module authentication success, deletion and the consistent checking password of described authentication code comparison from described preservation module.
Described preservation module specifically comprises:
Converter unit is used for that one group of authenticate password that described authenticating device is stored is carried out conversion and obtains one group of checking password, and stores described checking password.
Correspondingly, described acquisition module specifically comprises:
Converter unit is used for the authenticate password that obtains from described memory module is carried out described conversion, with the authenticate password after the conversion as authentication code.
Described acquisition module specifically comprises:
Acquiring unit is used for obtaining an authenticate password at random as authentication code from described memory module at random;
Correspondingly, described comparing module specifically comprises:
Judging unit, be used for judging described search module searches to one group of checking password whether the consistent checking password of authentication code that receives with described receiver module is arranged, if having, then comparison is consistent, authentication success; Otherwise, authentification failure.
Described acquisition module specifically comprises:
The rule acquiring unit is used for obtaining an authenticate password as authentication code according to default rule from described memory module;
Correspondingly, described comparing module specifically comprises:
Acquiring unit is used for searching one group of corresponding checking password of one group of authenticate password with described authenticating device storage that module finds and obtaining a checking password from described according to described default rule;
Comparing unit is used for the authentication code that checking password that described acquiring unit is obtained and described receiver module receive and compares, if identical, then comparison is consistent, authentication success; Otherwise, authentification failure.
The present invention realizes password authentication by the authenticate password that prestores simultaneously in authenticating device and service end under the situation that does not need the password generating algorithm, avoided adopting in authenticating device the higher password of cost to generate chip, thereby reduced the hardware production cost; Simultaneously, overcome when adopting method for synchronizing time to carry out authentication, owing to the authenticating device problem of unstable that is difficult to accomplish that time synchronized causes; And, because the present invention also provides in client and has obtained an authenticate password at random, the equipment, the method and system that carry out authentication by once comparing in service end, thereby the situation of the asynchronous validated user authentication failure that causes of metering when effectively having avoided utilizing the incident factor to carry out authentication in the prior art, because client sends to the authenticate password of service end among the present invention, can both in service end, find, can not be so validated user can not occur by the situation of checking.
Description of drawings
The structure chart of the authenticating device that Fig. 1 provides for the embodiment of the invention 1;
The structure chart of the portable authenticating device of key button that Fig. 2 provides for the embodiment of the invention 1;
The flow chart of the authentication method that Fig. 3 provides for the embodiment of the invention 2;
The structure chart of the Verification System that Fig. 4 provides for the embodiment of the invention 3.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, embodiment of the present invention is described further in detail below in conjunction with accompanying drawing.
The embodiment of the invention is by the authenticate password that prestores simultaneously in authenticating device and service end, and need not generate chip by built-in password in authenticating device, reduced hardware implementation cost; Validated user can not be by the problem of checking when simultaneously, having avoided carrying out password authentication in the prior art.
Embodiment 1:
Referring to Fig. 1, the embodiment of the invention provides a kind of authenticating device 100, specifically comprises memory module 101, trigger module 102, acquisition module 103, display module 104, removing module 105, control module 106 and power module 107:
Memory module 101 links to each other with control module 106, is used to store one group of authenticate password;
Memory module 101 can be an independently memory device, as the FLASH chip, SD (Secure Digital, safe digital) card, micro harddisk or smart card etc., it also can be the memory device (as having Safety Design chip of memory cell etc.) in the control chip, its storage medium can be RAM (RandomAccess Memory, random asccess memory), ROM (Read-OnlyMemory, read-only memory), EPROM (Erasable Programmable Read-Only Memory, EPROM (Erasable Programmable Read Only Memory)), among EEPROM (Electical Erasable Programmable Read-Only Memory, EEPROM (Electrically Erasable Programmable Read Only Memo)) and the FLASH one or more; And the combination of the equipment of the reproduction personal application environment that memory device and present embodiment provide can have multiple, as combining with equipment with fixed form, or combines or the like with equipment in the mode of substituting.
Trigger module 102 links to each other with control module 106, is used to produce triggering signal; General button or the switch of adopting realized;
Acquisition module 103 links to each other with control module 106, is used for obtaining an authenticate password from memory module 101 under the control of control module 106, as authentication code;
Display module 104 links to each other with control module 106, is used for showing under the control of control module 106 authentication code that acquisition module 103 obtains; General light-emitting diode or the LCD of adopting realizes;
Removing module 105 links to each other with control module 106, is used for after acquisition module 103 obtains authenticate password from memory module 101 authenticate password that deletion is obtained from memory module 101 under the control of control module 106;
Control module 106 links to each other with memory module 101, trigger module 102, acquisition module 103, display module 104 and removing module 105, be used for after the triggering signal that detects trigger module 102 generations, control acquisition module 103 obtains an authenticate password as authentication code from memory module 101, control display module 104 shows authentication code, and control removing module 105 is deleted the authenticate password that obtains from memory module 101;
Power module 107 links to each other with memory module 101, acquisition module 103, display module 104, removing module 105 and control module 106, is used to authenticating device 100 that working power is provided; Be generally battery, such as dry cell, solar cell or rechargeable battery etc.
Above-mentioned acquisition module 103 specifically comprises:
Acquiring unit is used for obtaining an authenticate password at random from memory module 101, as authentication code at random.
Above-mentioned acquisition module 103 can also specifically comprise:
The rule acquiring unit is used for obtaining an authenticate password according to default rule from memory module 101, as authentication code.
Above-mentioned acquisition module 103 can also specifically comprise:
Converter unit is used for the authenticate password that obtains from memory module 101 is carried out conversion, with the authenticate password after the conversion as authentication code.
In above-mentioned memory module 101, acquisition module 103 and the removing module 105 at least one and control module 106 are integrated in the control chip.
Further, for improving fail safe, above-mentioned authenticating device 100 can also comprise:
Security module links to each other with control module 106, is used for carrying out safety operation under the control of control module 106;
Fail safe when using in order to improve, the above-mentioned security module of stating specifically comprises:
Ciphering unit is used for utilizing the cryptographic algorithm that prestores in the equipment 100 that authenticate password is carried out encryption under the control of control module 106 when memory module 101 authentication storage passwords;
Decrypting device is used for when acquisition module 103 obtains authenticate password, utilizes the decipherment algorithm corresponding with above-mentioned cryptographic algorithm that prestores in the equipment 100 that authenticate password is decrypted processing under the control of control module 106;
Correspondingly, memory module 101 specifically is used for the authenticate password after the encryption of storage encryption unit; Acquisition module 103 specifically is used to obtain the authenticate password after the decrypting device decryption processing.
Above-mentioned security module can realize with a Safety Design chip; Also at least one and the security module in above-mentioned memory module 101, acquisition module 103, removing module 105 and the control module 106 can be integrated in the chips and realize, its chips is generally selected the Safety Design chip for use, comprise intelligent card chip, utilize the more simple and safe realization safety function of safety function of Safety Design built-in chip type.
In addition, above-mentioned authenticating device 100 can also comprise:
The standby module links to each other with control module 106, is used for when control module 106 does not detect the triggering signal of trigger module 102 generations at the appointed time authenticating device being placed standby mode.
Further, at least one in above-mentioned memory module 101, acquisition module 103, removing module 105 and the standby module can also be integrated in the control chip with control module 106 and realize.
In addition, in memory module 101, acquisition module 103, removing module 105, standby module and the control module 106 at least one can also be integrated in the chips with security module and realize, its chips is generally selected the Safety Design chip for use, comprise intelligent card chip, utilize the more simple and safe realization safety function of safety function of Safety Design built-in chip type.
Power module 107 is used to memory module 101, acquisition module 103, display module 104, removing module 105 and control module 106 that power supply is provided;
In order to improve application flexibility, be user-friendly to, authenticating device 100 can be key chain formula, hand-hold type or wrist formula portable equipment.
Referring to Fig. 2, present embodiment also provides a portable authenticating device 1000 of key button, specifically comprises storage chip 1001, button 1002, microcontroller chip 1003, LCD1004 and battery 1005:
Storage chip 1001 links to each other with microcontroller chip 1003, is used for realizing the function of above-mentioned memory module 101, promptly stores one group of authenticate password;
Button 1002 links to each other with microcontroller chip 1003, is used for realizing the function of above-mentioned trigger module 102;
Microcontroller chip 1003 links to each other with LCD1004 with storage chip 1001, button 1002, is used for realizing the function of above-mentioned acquisition module 103, removing module 105 and control module 106;
Microcontroller chip 1003 can adopt general control chip, also can adopt the Safety Design chip to realize (comprising intelligent card chip) function of above-mentioned control module 106;
LCD1004 links to each other with microcontroller chip 1003, is used for realizing the function of above-mentioned display module 104;
Battery 1005 links to each other with LCD1004 with storage chip 1001, button 1002, microcontroller chip 1003, is used for realizing the function of above-mentioned power module 107;
Further, in the portable authenticating device 1000 of above-mentioned key button, the authenticate password quantity that the capacity of storage chip 1001 can be stored is as required chosen, and storage chip 1001 can be flash memory, SD card or smart card.
In the optimal way of the above-mentioned authenticating device that provides, can also be according to the memory capacity of microcontroller chip 1003 and the authenticate password quantity that will store, authenticate password is stored in the storage area in the microcontroller chip 1003, and do not need again independent use storage chip 1001 to come the authentication storage password.
Embodiment 2:
The embodiment of the invention provides a kind of authentication method, in authenticating device, respectively store one group of corresponding authenticate password and checking password in advance with service end, authenticating device obtains authenticate password as authentication code after receiving triggering signal, client receives the user ID and the authentication code of user's input, and user ID and authentication code sent to service end, server side authentication just can be logined by the back user.
In the present embodiment, need one group of authenticate password of storage in authenticating device in advance, at service end storage user ID and the one group checking password corresponding with one group of authenticate password of authenticating device storage, authenticate password and checking password can be generated by the device fabrication merchant, also can be generated by operator.
Wherein, the authenticate password of storing in the authenticating device is generally natural number, and for example authenticate password is 100; The checking password of service end storage is the authenticate password that authenticating device is stored to be carried out conversion obtain, and also can directly store the authenticate password of authenticating device storage into service end as the checking password.
Authenticate password can be stored in a variety of forms with the checking password, and authenticate password and checking password all are to store with the form of tabulation in the present embodiment.
In the checking password tabulation of the in store a plurality of authenticating devices of service end, these tabulations are one to one with user ID; Also in store user ID of service end and the corresponding relation of verifying the password tabulation after service end is received user ID, can find the checking password tabulation corresponding with authenticating device according to user ID.
Referring to Fig. 3, above-mentioned authentication method specifically may further comprise the steps:
Step 201: authenticating device is received user's triggering signal, obtains an authenticate password from the one group of authenticate password that prestores.
Can adopt to have the operation that the trigger equipment that triggers function is realized triggering authentication equipment, such as button, switch or the like.
The method of obtaining authenticate password from the authenticate password that prestores has multiple, can be to obtain at random, also can be to obtain according to default rule.
Default rule has multiple: 1) obtain successively according to the flowing water order, read first password of authenticate password tabulation when for example authenticating for the first time, read second password of authenticate password tabulation when authenticating for the second time, the rest may be inferred.2) obtain successively according to fixed intervals, for example pre-setting spacing value is 2, read first password of authenticate password tabulation when authenticating for the first time, then read the 3rd password when authenticating for the second time, when carrying out authenticate password tabulation last, first position above authenticate password tabulation once more is that 2 order reads password according to spacing value, and the rest may be inferred.3) obtain successively according to preassigned order, read first password of authenticate password tabulation when for example authenticating for the first time, appointment reads the position when being authenticated according to pre-set order afterwards next time, such as obtain a value according to pre-set order is 5, then when authenticating for the second time, read the 5th password, read positional value when obtaining a value afterwards again and authenticating as next time, the rest may be inferred.
Step 202: the authenticate password that authenticating device is obtained is as authentication code.
Can also can carry out conversion to the authenticate password that obtains and obtain authentication code with the authenticate password that obtains directly as authentication code.
When obtaining authentication code by transform method, can be that the numeral in the authenticate password is carried out evolution, also can be other transform methods.For example, kilobit and hundred bit digital location swaps with authenticate password (such as being 1000) obtain authentication code 0100.
Step 203: on authenticating device, show the authentication code that obtains.
The display screen of authenticating device can adopt LED (Light Emitting Diode, light-emitting diode) or LCD devices such as (LiquidCrystal Display, LCD) to realize, generally adopts segment encode LCD to realize that dot matrix LCD is also more commonly used.
Step 204: the above-mentioned authenticate password that obtains is deleted from authenticating device.
With the deletion from the authenticate password tabulation of the authenticate password after obtaining, realized that each authenticate password only uses once, has guaranteed the fail safe of authenticate password.
Step 205: client receive user ID that the user imports and the authentication code that obtains from authenticating device after, user ID and authentication code are sent to service end.
Above-mentioned user ID comprises at least one in the information such as user's name and user account number.
Step 206: after service end is received user ID and authentication code, find the one group checking password corresponding with authenticating device by user ID.
Step 207: service end is with the authentication code received and comparing with the corresponding checking password of authenticating device of finding.
Relevant in the method that service end is compared with the method that authenticating device obtains authenticate password, if authenticating device is to obtain authenticate password at random, service end judges in the checking password tabulation of finding whether the checking password consistent with the authentication code of receiving is arranged, if having, then comparison is consistent; If no, then compare inconsistent.
For example, the authentication code that service end is received is 100, in the checking password tabulation checking password of storage be 100,200 ..., 1000, then with 100 successively with 100,200 ..., 1000 compare, because have checking password 100 in the tabulation of checking password, so comparison is consistent.This method of comparison successively can effectively be avoided in the prior art because the situation of the asynchronous validated user authentication failure that causes of metering.
If authenticating device is the authenticate password that obtains according to default rule, then service end is also obtained a checking password according to same rule from the checking password tabulation of finding, the authentication code that the checking password that obtains and service end are received compares, if identical, then comparison is consistent; Otherwise, compare inconsistent.
For example, the authentication code that service end is received is 100, and authenticating device is first authenticate password of the authenticate password tabulation of obtaining by the flowing water order, then also obtains first checking password of checking password tabulation according to the flowing water order in service end, if 100, then comparison is consistent; If not 100, then compare inconsistent.
Step 208: judge whether comparison result is consistent, if then execution in step 209; Otherwise, execution in step 211.
Step 209: authentication success, the user successfully logins.
Step 210: the checking password deletion that service end will be consistent with the authentication code comparison of receiving, finish.
Step 211: authentification failure, the user can not login system, finishes.
In order to improve fail safe, further, said method can also comprise:
Utilize the built-in cryptographic algorithm of authenticating device that authenticate password is carried out encryption in advance, the authenticate password after encrypting is stored in the authenticating device;
Correspondingly, utilize the built-in decipherment algorithm corresponding of authenticating device that the authenticate password that obtains is decrypted processing, and the authenticate password after will deciphering is as authentication code with cryptographic algorithm.
In order to save resource, after once authenticating, if authenticating device is not operated at the appointed time, then this authenticating device enters standby mode, up to detecting triggering signal once more, carries out authentication next time.Wherein, the stipulated time is what pre-set, can be that authenticating device is pre-set by device fabrication producer before dispatching from the factory, and also can be after the user takes authenticating device, oneself to set according to individual human needs.
Standby mode helps saving battery, adopts the authenticating device of time synchronizing method relatively at present, can without battery real-time for the time timing provides electric power, thereby prolonged the service time of authenticating device.
Embodiment 3:
Referring to Fig. 4, the embodiment of the invention also provides a kind of Verification System, and system comprises authenticating device 100, client 301 and service end 302;
Authenticating device 100 comprises:
Memory module 101 links to each other with control module 106, is used to store one group of authenticate password;
Trigger module 102 links to each other with control module 106, is used to produce triggering signal;
Acquisition module 103 links to each other with control module 106, is used for obtaining an authenticate password from memory module 101 under the control of control module 106, as authentication code;
Display module 104 links to each other with control module 106, is used for showing under the control of control module 106 authentication code that acquisition module 103 obtains;
Removing module 105 links to each other with control module 106, is used for after acquisition module 103 obtains authenticate password from memory module 101 authenticate password that deletion is obtained from memory module 101 under the control of control module 106;
Control module 106, be used for after the triggering signal that detects trigger module 102 generations, control acquisition module 103 obtains an authenticate password as authentication code from memory module 101, control display module 104 shows authentication code, and control removing module 105 is deleted the authenticate password that obtains from memory module 101;
Power module 107 links to each other with memory module 101, acquisition module 103, display module 104, removing module 105 and control module 106, is used to authenticating device 100 that working power is provided;
Client 301 comprises:
Input module 3011 is used to receive user ID and the authentication code that the user imports;
Sending module 3012, the user ID and the authentication code that are used for input module 3011 is received are sent to service end 302;
Service end 302 comprises:
Preserve module 3021, be used to the corresponding checking password of authenticate password of preserving user ID and storing with authenticating device 100;
Receiver module 3022 is used to receive user ID and the authentication code that client 301 sends;
Search module 3023, be used for according to the user ID that receiver module 3022 receives search preserve module 3021 that preserve with authenticating device 100 in corresponding one group verify password;
Comparing module 3024, the authentication code checking password corresponding with searching module 3023 authenticate passwords that find and authenticating device 100 storages that is used for receiver module 3022 is received compared, if comparison unanimity, then authentication success; Otherwise, authentification failure;
Removing module 3025 is used for behind comparing module 3024 authentication successs, deletion and the consistent checking password of authentication code comparison from preserve module 3021.
Above-mentioned preservation module 3021 specifically comprises:
Converter unit is used for that one group of authenticate password that authenticating device 100 is stored is carried out conversion and obtains one group of checking password, and storage checking password;
Correspondingly, acquisition module 103 specifically comprises:
Converter unit is used for the authenticate password that obtains from memory module 101 is carried out above-mentioned conversion, with the authenticate password after the conversion as authentication code.
Above-mentioned acquisition module 103 specifically comprises:
Acquiring unit is used for obtaining an authenticate password at random as authentication code from memory module 101 at random;
Correspondingly, comparing module 3024 specifically comprises:
Judging unit is used for judging whether have the authentication code consistent checking password that with receiver module 3022 receive, if having, then comparison is consistent, authentication success if searching one group of checking password that module 3023 is that find and authenticating device 100 is corresponding; Otherwise, authentification failure.
Above-mentioned acquisition module 103 can also specifically comprise:
The rule acquiring unit is used for obtaining an authenticate password as authentication code according to default rule from memory module 101;
Correspondingly, comparing module 3024 can also specifically comprise:
Acquiring unit is used for obtaining a checking password according to default rule from searching module 3,023 one group of checking password corresponding with authenticating device 100 that find;
Comparing unit is used for the authentication code that checking password that acquiring unit is obtained and receiver module 3022 receive and compares, if identical, then comparison is consistent, authentication success; Otherwise, authentification failure.
The embodiment of the invention is by depositing authenticate password in advance in authenticating device and service end, authenticate password can directly read and need do not generated by the password generating algorithm, thereby need not to generate chip, reduced the production cost of authenticating device at the built-in password of authenticating device; Simultaneously, overcome when adopting method for synchronizing time to carry out authentication, owing to the authenticating device problem of unstable that is difficult to accomplish that time synchronized causes; In addition, because service end prestores the authenticate password identical with authenticating device, can not occur because the asynchronous validated user that causes of metering can not improve the stability of authenticating device by the problem of checking; Authenticating device can be made various ways, and is convenient and practical.
The above only is preferred embodiment of the present invention, and is in order to restriction the present invention, within the spirit and principles in the present invention not all, any modification of being done, is equal to replacement, improvement etc., all should be included within protection scope of the present invention.

Claims (31)

1. an authenticating device is characterized in that, described authenticating device specifically comprises memory module, trigger module, acquisition module, display module, removing module, control module and power module:
Described memory module links to each other with described control module, is used to store one group of authenticate password;
Described trigger module links to each other with described control module, is used to produce triggering signal;
Described acquisition module links to each other with described control module, is used for obtaining an authenticate password from described memory module under the control of described control module, as authentication code;
Described display module links to each other with described control module, is used for showing under the control of described control module the authentication code that described acquisition module obtains;
Described removing module links to each other with memory module with described control module, is used for after described acquisition module obtains authenticate password from described memory module the authenticate password that deletion is obtained from described memory module under the control of described control module;
Described control module is used for after the triggering signal that detects described trigger module generation, control described acquisition module and from described memory module, obtain an authenticate password as authentication code, control described display module and show described authentication code, and control described removing module and from described memory module, delete the described authenticate password that obtains;
Described power module links to each other with described memory module, acquisition module, display module, removing module and control module, is used to described authenticating device that working power is provided.
2. authenticating device according to claim 1 is characterized in that, described memory module is a memory device.
3. authenticating device according to claim 2 is characterized in that, described memory device is flash memory, hard disk or smart card.
4. authenticating device according to claim 1 is characterized in that, described trigger module is button or switch.
5. authenticating device according to claim 1 is characterized in that, described acquisition module specifically comprises:
Acquiring unit is used for obtaining an authenticate password at random from described memory module, as authentication code at random.
6. authenticating device according to claim 1 is characterized in that, described acquisition module specifically comprises:
The rule acquiring unit is used for obtaining an authenticate password according to default rule from described memory module, as authentication code.
7. authenticating device according to claim 1 is characterized in that, described acquisition module specifically comprises:
Converter unit is used for the authenticate password that obtains from described memory module is carried out conversion, with the authenticate password after the conversion as authentication code.
8. authenticating device according to claim 1 is characterized in that, at least one in described memory module, acquisition module and the removing module and described control module are integrated in the control chip.
9. authenticating device according to claim 1 is characterized in that, described display module is light-emitting diode or LCD.
10. authenticating device according to claim 1 is characterized in that, described authenticating device also comprises:
Security module links to each other with described control module, is used for carrying out safety operation under the control of described control module.
11. authenticating device according to claim 10 is characterized in that, described security module specifically comprises:
Ciphering unit is used for utilizing cryptographic algorithm that described authenticate password is carried out encryption under the control of described control module when described memory module is stored described authenticate password;
Decrypting device is used for when described acquisition module obtains authenticate password, utilizes the decipherment algorithm corresponding with described cryptographic algorithm that described authenticate password is decrypted processing under the control of described control module;
Correspondingly, described memory module specifically is used to store the authenticate password after the described ciphering unit encryption; Described acquisition module specifically is used to obtain the authenticate password after the described decrypting device decryption processing.
12. authenticating device according to claim 10 is characterized in that, described security module is the Safety Design chip.
13. authenticating device according to claim 10 is characterized in that, at least one in described memory module, acquisition module, removing module and the control module and described security module are integrated in the chips.
14., it is characterized in that described authenticating device also comprises according to claim 1 or 10 described authenticating devices:
The standby module links to each other with described control module, is used for when described control module does not detect the triggering signal of described trigger module generation at the appointed time described authenticating device being placed standby mode.
15. authenticating device according to claim 14 is characterized in that, at least one in described memory module, acquisition module, removing module and the standby module and described control module are integrated in the control chip.
16. authenticating device according to claim 14 is characterized in that, at least one in described memory module, acquisition module, removing module, standby module and the control module and described security module are integrated in the chips.
17., it is characterized in that described chip is the Safety Design chip according to claim 13 or 16 described authenticating devices, described Safety Design chip comprises intelligent card chip.
18. authenticating device according to claim 1 is characterized in that, described power module is a battery.
19. authenticating device according to claim 1 is characterized in that, described authenticating device is key button, hand-hold type or wrist formula portable equipment.
20. an authentication method is characterized in that, one group of authenticate password of storage in authenticating device is stored user ID and the one group checking password corresponding with one group of authenticate password of described authenticating device storage in service end in advance, and described authentication method comprises:
Receive user's triggering signal when described authenticating device after, from the one group of authenticate password that prestores, obtain an authenticate password, and the authenticate password that obtains is deleted from described authenticating device, show described authentication code as authentication code;
Client sends to described service end with described user ID and authentication code after receiving the user ID and described authentication code that the user imports;
Described service end receives described user ID and authentication code, searches the one group of corresponding checking password of the one group of authenticate password that prestores with described authenticating device that prestores according to the described user ID of receiving;
Described service end is compared described authentication code and the described checking password that finds, if comparison unanimity, then authentication success; Otherwise, authentification failure;
Behind the authentication success, the checking password deletion that described service end will be consistent with described authentication code comparison.
21. authentication method according to claim 20 is characterized in that, the described step of obtaining an authenticate password from the one group of authenticate password that prestores is specially:
From one group of authenticate password that described authenticating device prestores, obtain an authenticate password at random;
Correspondingly, described service end step that described authentication code and described checking password are compared is specially:
Described service end judges in one group of corresponding checking password of the one group of authenticate password that prestores with described authenticating device that finds whether the checking password consistent with described authentication code is arranged, if having, then comparison is consistent; Otherwise, compare inconsistent.
22. authentication method according to claim 20 is characterized in that, the described step of obtaining an authenticate password from the one group of authenticate password that prestores is specially:
From one group of authenticate password that described authenticating device prestores, obtain an authenticate password according to default rule;
Correspondingly, described service end step that described authentication code and described checking password are compared is specially:
Described service end is obtained a checking password according to described default rule from one group of corresponding checking password of the one group of authenticate password that prestores with described authenticating device that finds, the checking password that described authentication code and described service end are obtained is compared, if identical, then comparison is consistent; Otherwise, compare inconsistent.
23. authentication method according to claim 22 is characterized in that, described default rule is specially:
Obtain successively according to the flowing water order, or obtain successively, or obtain successively according to preassigned order according to fixed intervals.
24. authentication method according to claim 20 is characterized in that, described step of storing one group of authenticate password in advance in authenticating device specifically comprises:
Utilize the cryptographic algorithm that is stored in the described authenticating device that authenticate password is carried out encryption in advance, the authenticate password after encrypting is stored in the authenticating device;
Correspondingly, describedly from the one group of authenticate password that prestores, obtain an authenticate password and specifically comprise as the step of authentication code:
From the one group of authenticate password that prestores, obtain an authenticate password, utilize to be stored in the authenticate password that decipherment algorithm decryption processing corresponding with described cryptographic algorithm in the described authenticating device is obtained, with the authenticate password after the deciphering as authentication code.
25. authentication method according to claim 20 is characterized in that, the step of one group of checking password that the one group of authenticate password that prestores at service end storage and described authenticating device is corresponding specifically comprises:
One group of authenticate password storing in the described authenticating device is carried out conversion obtain one group of checking password, store described checking password into service end;
Correspondingly, describedly from the one group of authenticate password that prestores, obtain an authenticate password and specifically comprise as the step of authentication code:
From the one group of authenticate password that prestores, obtain an authenticate password, the authenticate password that obtains carried out described conversion, with the authenticate password after the conversion as authentication code.
26. authentication method according to claim 20 is characterized in that, described method also comprises:
When described authenticating device was not received described triggering signal in official hour, described authenticating device entered standby mode.
27. authentication method according to claim 20 is characterized in that, described user ID comprises at least one in user's name, the user account number.
28. a Verification System is characterized in that described system comprises authenticating device, client and service end;
Described authenticating device comprises memory module, trigger module, acquisition module, display module, removing module, control module and power module:
Described memory module links to each other with described control module, is used to store one group of authenticate password;
Described trigger module links to each other with described control module, is used to produce triggering signal;
Described acquisition module links to each other with described control module, is used for obtaining an authenticate password from described memory module under the control of described control module, as authentication code;
Described display module links to each other with described control module, is used for showing under the control of described control module the authentication code that described acquisition module obtains;
Described removing module links to each other with memory module with described control module, is used for after described acquisition module obtains authenticate password from described memory module the authenticate password that deletion is obtained from described memory module under the control of described control module;
Described control module is used for after the triggering signal that detects described trigger module generation, control described acquisition module and from described memory module, obtain an authenticate password as authentication code, control described display module and show described authentication code, and control described removing module and from described memory module, delete the described authenticate password that obtains;
Described power module links to each other with described memory module, acquisition module, display module, removing module and control module, is used to described authenticating device that working power is provided;
Described client comprises:
Input module is used to receive user ID and the described authentication code that the user imports;
Sending module, the user ID and the authentication code that are used for described input module is received are sent to service end;
Described service end comprises:
Preserve module, be used to the corresponding checking password of one group of authenticate password of preserving user ID and storing with described authenticating device;
Receiver module is used to receive user ID and the authentication code that described client sends;
Search module, be used for searching according to the user ID that described receiver module receives that described preservation module preserves with described authenticating device in one group of corresponding checking password of one group of authenticate password of storing;
Comparing module is used for described authentication code that described receiver module is received and describedly searches the checking password that module finds and compare, if comparison is consistent, and authentication success then; Otherwise, authentification failure;
Removing module is used for behind described comparing module authentication success, deletion and the consistent checking password of described authentication code comparison from described preservation module.
29. Verification System according to claim 28 is characterized in that, described preservation module specifically comprises:
Converter unit is used for that one group of authenticate password that described authenticating device is stored is carried out conversion and obtains one group of checking password, and stores described checking password.
Correspondingly, described acquisition module specifically comprises:
Converter unit is used for the authenticate password that obtains from described memory module is carried out described conversion, with the authenticate password after the conversion as authentication code.
30. Verification System according to claim 28 is characterized in that, described acquisition module specifically comprises:
Acquiring unit is used for obtaining an authenticate password at random as authentication code from described memory module at random;
Correspondingly, described comparing module specifically comprises:
Judging unit, be used for judging described search module searches to one group of checking password whether the consistent checking password of authentication code that receives with described receiver module is arranged, if having, then comparison is consistent, authentication success; Otherwise, authentification failure.
31. Verification System according to claim 28 is characterized in that, described acquisition module specifically comprises:
The rule acquiring unit is used for obtaining an authenticate password as authentication code according to default rule from described memory module;
Correspondingly, described comparing module specifically comprises:
Acquiring unit is used for searching one group of corresponding checking password of one group of authenticate password with described authenticating device storage that module finds and obtaining a checking password from described according to described default rule;
Comparing unit is used for the authentication code that checking password that described acquiring unit is obtained and described receiver module receive and compares, if identical, then comparison is consistent, authentication success; Otherwise, authentification failure.
CNA2007101192047A 2007-07-18 2007-07-18 Authentication device, method and system Pending CN101102192A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2007101192047A CN101102192A (en) 2007-07-18 2007-07-18 Authentication device, method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2007101192047A CN101102192A (en) 2007-07-18 2007-07-18 Authentication device, method and system

Publications (1)

Publication Number Publication Date
CN101102192A true CN101102192A (en) 2008-01-09

Family

ID=39036301

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2007101192047A Pending CN101102192A (en) 2007-07-18 2007-07-18 Authentication device, method and system

Country Status (1)

Country Link
CN (1) CN101102192A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009097778A1 (en) * 2008-02-01 2009-08-13 Huawei Technologies Co., Ltd. A method, device and system for calling the security interface
CN101339677B (en) * 2008-08-28 2010-06-23 北京飞天诚信科技有限公司 Safe authorization method and system
CN102244671A (en) * 2011-04-28 2011-11-16 大连亿创天地科技发展有限公司 Internet-based video diagnosis and treatment system for doctor
CN103918293A (en) * 2011-10-31 2014-07-09 金钱及数字保护许可两合有限公司 Device for mobile communication
CN107026735A (en) * 2016-01-29 2017-08-08 李明 Method and managed devices that a kind of password is automatically entered
CN109076080A (en) * 2016-04-25 2018-12-21 株式会社电子暴风 authentication method and system
CN111464306A (en) * 2019-01-18 2020-07-28 中兴通讯股份有限公司 Authentication processing method, authentication processing device, storage medium, and electronic device
WO2020259202A1 (en) * 2019-06-26 2020-12-30 天地融科技股份有限公司 Device authentication method in office environment, office equipment and system
CN113067705A (en) * 2021-04-13 2021-07-02 广州锦行网络科技有限公司 Method for identity authentication in connection establishment
CN115941179A (en) * 2023-02-14 2023-04-07 山东戎安智能科技有限公司 Method for realizing password conversion on ASIC chip

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009097778A1 (en) * 2008-02-01 2009-08-13 Huawei Technologies Co., Ltd. A method, device and system for calling the security interface
CN101339677B (en) * 2008-08-28 2010-06-23 北京飞天诚信科技有限公司 Safe authorization method and system
CN102244671A (en) * 2011-04-28 2011-11-16 大连亿创天地科技发展有限公司 Internet-based video diagnosis and treatment system for doctor
CN103918293A (en) * 2011-10-31 2014-07-09 金钱及数字保护许可两合有限公司 Device for mobile communication
CN103918293B (en) * 2011-10-31 2018-05-11 金钱及数字保护许可两合有限公司 device for mobile communication
CN107026735A (en) * 2016-01-29 2017-08-08 李明 Method and managed devices that a kind of password is automatically entered
CN109076080A (en) * 2016-04-25 2018-12-21 株式会社电子暴风 authentication method and system
CN109076080B (en) * 2016-04-25 2021-11-23 株式会社电子暴风 Authentication method and system
CN111464306A (en) * 2019-01-18 2020-07-28 中兴通讯股份有限公司 Authentication processing method, authentication processing device, storage medium, and electronic device
US12021867B2 (en) 2019-01-18 2024-06-25 Zte Corporation Authentication processing method and device, storage medium, and electronic device
WO2020259202A1 (en) * 2019-06-26 2020-12-30 天地融科技股份有限公司 Device authentication method in office environment, office equipment and system
CN113067705A (en) * 2021-04-13 2021-07-02 广州锦行网络科技有限公司 Method for identity authentication in connection establishment
CN113067705B (en) * 2021-04-13 2022-05-27 广州锦行网络科技有限公司 Method for identity authentication in connection establishment
CN115941179A (en) * 2023-02-14 2023-04-07 山东戎安智能科技有限公司 Method for realizing password conversion on ASIC chip
CN115941179B (en) * 2023-02-14 2023-05-16 山东戎安智能科技有限公司 Method for realizing password conversion on ASIC chip

Similar Documents

Publication Publication Date Title
CN101102192A (en) Authentication device, method and system
CN101166085B (en) Remote unlocking method and system
CN101106455B (en) Identity authentication method and intelligent secret key device
JP6275653B2 (en) Data protection method and system
CN101051908B (en) Dynamic cipher certifying system and method
CN202795383U (en) Device and system for protecting data
CN102339370B (en) The security method of electronic document, safety system and verification system
WO2017000829A1 (en) Method for checking security based on biological features, client and server
CN109472166A (en) A kind of electronic signature method, device, equipment and medium
WO2015188426A1 (en) Method, device, system, and related device for identity authentication
JP2005525662A5 (en)
WO2015188424A1 (en) Key storage device and method for using same
CN102638471A (en) Password protection and management method
CN108965222A (en) Identity identifying method, system and computer readable storage medium
US20190377863A1 (en) Password input method, computer device and storage medium
CN104468562A (en) Portable transparent data safety protection terminal oriented to mobile applications
CN108055129A (en) A kind of method, equipment and system for realizing the unified management of cellphone shield key
CN101540704B (en) Unreliable DBMS malicious intrusion detection system and method
CN205068524U (en) Intelligent gate inhibition system
CN103984901A (en) Trusted computer system and application method thereof
US9756044B2 (en) Establishment of communication connection between mobile device and secure element
US12135957B2 (en) Dynamic generation of device identifiers
CN101383833A (en) Apparatus and method for enhancing PIN code input security of intelligent cipher key apparatus
CN102819694A (en) TCM (trusted cryptography module) chip, virus scanning method and device for operating TCM chip
CN101594231B (en) Method and system based on EAP authentication

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20080109