Background
With the development of the internet, users who communicate and trade online find their information security increasingly threatened by hackers, network monitoring devices, viruses and other means. The losses associated with these threats have become a significant component of the cost of use. The key to realizing electronic commerce is to ensure the security and credibility of the system during business activities. To establish a secure and trusted relationship between two communicating parties, the parties involved in network communications must prove their identity through some form of identity authentication mechanism. Currently, there are three forms of identity authentication mechanism: user name plus password, biometric identification (including fingerprint, voice, handwriting, iris and the like), and identity authentication based on a USB Key.
The USB Key is a small hardware device with a USB interface, similar in shape to a common USB flash drive. It contains a CPU, a memory and a Chip Operating System (COS), can store a user's secret key or digital certificate, and authenticates the user's identity using a cryptographic algorithm built into the USB Key.
The USB Key usually adopts asymmetric-key authentication and authenticates the user's identity using a public-key algorithm built into the USB Key. The USB Key can be used for e-mail encryption, digital signatures, security certificates, secure network login and access to secure networks that use the Secure Sockets Layer (SSL) protocol, and provides identity authentication, identification and information encryption services for the user. Because the user's private key is kept locked inside the USB Key and in theory cannot be read by any means, the security of user authentication is ensured. With the continuing spread of internet electronic commerce, the USB Key is being recognized and used by more and more users for its security, reliability, portability and convenience, and it is very widely applied.
Because the USB Key serves as key storage, its hardware structure means that a user can access data only through the manufacturer's programming interface, so the digital certificate stored in the USB Key cannot be copied. Each USB Key is also protected by a PIN code, so the USB Key hardware and the PIN code together form the two factors required to use the certificate. If the user's PIN code is leaked, the certificate is still protected as long as the user keeps the USB Key hardware; if the user's USB Key is lost, whoever obtains it cannot steal the certificate in it because they do not know the PIN code.
However, the combination of USB Key hardware and PIN code cannot resist replay attacks. In a replay attack, a hacker or Trojan program on the user's computer intercepts the PIN code message entered at the computer client when the user uses the USB Key. Once it determines that the USB Key is inserted into the computer, the hacker or Trojan program does not need to decode the PIN code information; it only needs to resend the intercepted password, so that the USB Key can be called with the intercepted PIN code without the user's knowledge, illegal operations are carried out, and the user's interests are damaged.
Fig. 1 is a schematic diagram of a conventional USB Key being fraudulently used during normal use.
Step 101: the user needs to perform an online bank transfer through a client, and the online bank requires user identity authentication.
Step 102: the user inputs a PIN code and uses the USB Key to perform identity authentication.
Step 103: based on the identity authentication message from the user's USB Key, authentication passes and the transfer succeeds.
At the same time, the hacker or Trojan program is also performing illegal operations:
Step 101': the hacker or Trojan program monitors the user's keyboard input to obtain the PIN code.
Step 102': it falsely uses the user's PIN code and successfully passes USB Key authentication.
Step 103': it calls the USB Key to perform identity authentication and calls the private key to sign a transfer message; the hacker or Trojan program passes online bank authentication and the transfer succeeds, so that the user suffers a loss.
The existing USB Key resolves the tension between security and usability well through an authentication mode that combines software and hardware (PIN code plus USB hardware). However, a network hacker or Trojan program can still access and fraudulently use the user's USB Key in one case: the hacker or Trojan program intercepts the PIN code input by the user at the PC client, determines that the USB Key is inserted into the computer, and can then use the intercepted PIN code to call the USB Key without the user's knowledge and use the private key in the USB Key to sign an order or perform an online transaction, giving lawbreakers an opening to exploit.
The defect of the existing technology is therefore that a hacker or Trojan program that has invaded the user's computer does not need to crack the USB Key; it intercepts the user's PIN code and, when the USB Key is inserted into the computer, resends the message and fraudulently uses the user's private key, causing the user a loss. One way to reduce this possibility is to remove the USB Key from the computer promptly when it is not in use, but this approach does not fundamentally solve the problem.
Disclosure of Invention
Embodiments of the invention provide a USB Key device and a method for implementing verification with it, aiming to solve the security risk of the existing USB Key.
A USB Key device comprises a card operating system (COS) for receiving a security verification operation instruction and calling the CPU and memory in the USB Key to execute the authentication operation. The USB Key further comprises: a prompt input unit for prompting the input of a PIN code of the USB Key and an additional verification code for the current operation;
and the card operating system (COS) is used for triggering the prompt input unit when the security verification operation instruction is received, receiving and verifying the PIN code and the additional verification code, and executing the security verification operation indicated by the instruction when the verification passes.
Wherein the additional verification code for the current operation is a dynamic password; the prompt input unit includes:
the dynamic password generating unit is used for generating a dynamic password aiming at the current operation after receiving the trigger notice from the card operating system and transmitting the dynamic password to the display unit;
and the display unit is used for displaying the dynamic password to a user.
Wherein the additional verification code for the current operation is a biometric identifier; the prompt input unit includes:
and the biological characteristic identification code acquisition unit is used for receiving the trigger notice from the card operating system, acquiring the biological characteristic identification code and transmitting the acquired biological characteristic identification code to the card operating system.
Wherein the biometric identifier comprises a fingerprint, voice, handwriting, and/or iris.
A method for realizing verification by applying a USB Key comprises the following steps:
receiving a safety verification operation instruction, and prompting to input a PIN (personal identification number) code of a USB Key and an additional verification code aiming at the current operation;
and verifying the received PIN code and the additional verification code, and if the verification is passed, executing the security verification operation indicated by the security verification operation instruction.
Wherein the additional verification code for the current operation is a dynamic password; after receiving the security verification operation instruction, the method further includes: generating a dynamic password aiming at the current operation and displaying the dynamic password to a user;
the step of verifying the received PIN code and additional verification code comprises: first verifying whether the PIN code from the client is correct; if so, verifying whether the additional verification code from the client is consistent with the dynamic password generated after the USB Key received the security verification operation instruction; and if so, the verification passes; or,
the step of verifying the received PIN code and additional verification code comprises: first verifying whether the additional verification code from the client is consistent with the dynamic password generated after the USB Key received the security verification operation instruction; if so, verifying whether the PIN code from the client is correct; and if so, the verification passes; or,
the step of verifying the received PIN code and additional verification code comprises: verifying whether the combination of the PIN code and the additional verification code from the client is consistent with the combination of the stored PIN code and the dynamic password generated after the USB Key received the security verification operation instruction; and if so, the verification passes.
Wherein the additional verification code for the current operation is a biometric identifier;
the step of verifying the received PIN code and additional verification code comprises: first verifying whether the PIN code from the client is correct; if so, verifying whether the biometric identifier received through the USB Key is the same as a prestored biometric identifier; and if so, the verification passes; or,
the step of verifying the received PIN code and additional verification code comprises: first verifying whether the biometric identifier received through the USB Key is the same as a prestored biometric identifier; if so, verifying whether the PIN code from the client is correct; and if so, the verification passes; or,
the step of verifying the received PIN code and additional verification code comprises: verifying whether the combination of the received PIN code and biometric identifier is consistent with the combination of the stored PIN code and the stored biometric identifier; and if so, the verification passes.
Wherein the biometric identifier comprises a fingerprint, voice, handwriting, and/or iris.
Wherein, if the verification fails, the method further comprises:
judging whether the number of verification attempts exceeds a set threshold; if so, ending the operation; otherwise, receiving the PIN code and the additional verification code again and re-executing the verification operation.
When the additional verification code is a dynamic password, the re-received dynamic password is the same as or different from the previously received dynamic password.
The invention provides a two-factor USB Key protection strategy of PIN code plus additional verification code, thereby ensuring that a Trojan program or hacker cannot call the USB Key to sign or authenticate identity without the user's knowledge. The method avoids replay attacks and impersonation, ensures that the user's interests are not threatened, creates a good environment for internet communication and transactions, and effectively closes the loophole in interactive operation. Compared with the traditional technology, the USB Key and verification method provided by the invention therefore offer better security, are convenient and simple to use, remain efficient and reliable, and have obvious advantages.
Detailed Description
In order to make the objects, technical solutions and effects of the present invention clearer, the present invention will be described in detail with reference to the accompanying drawings and specific embodiments.
The USB Key device provided by the invention comprises a Card Operating System (COS) for receiving a security verification operation instruction and calling the CPU and memory in the USB Key to carry out the authentication operation. The USB Key also includes a prompt input unit for prompting the input of a PIN code of the USB Key and an additional verification code for the current operation. The card operating system triggers the prompt input unit when it receives the security verification operation instruction, receives and verifies the PIN code and the additional verification code, and executes the security verification operation indicated by the instruction when the verification passes.
The invention provides a two-factor USB Key protection strategy of PIN code plus additional verification code, thereby ensuring that a Trojan program or hacker cannot call the USB Key to sign or authenticate identity without the user's knowledge. The security risk of the traditional USB Key is avoided, the user's interests are not threatened, a good environment for internet communication and transactions is created, the loophole in interactive operation is effectively closed, and the problem of using the USB Key in this scenario is solved.
FIG. 2 is a schematic diagram of a system structure of a USB Key according to an embodiment of the present invention.
The USB Key comprises the following parts: a USB Key CPU 201, a Card Operating System (COS) 202, a memory card 203, and a prompt input unit 204.
The USB Key CPU 201 implements the data digest, data encryption and decryption, and signature algorithms used in a Public Key Infrastructure (PKI) system. Encryption and decryption are carried out inside the USB Key, so the key never appears in the computer's memory, which removes the possibility of the user's key being intercepted by a hacker or Trojan program.
The USB Key memory card 203 is a secure data storage space used for storing the user's private key and digital certificate. Read and write operations on this storage space must go through a program; the user cannot read the private key directly and the private key cannot be exported, which removes the possibility of copying the user's digital certificate or identity information. The USB Key memory card 203 may be EEPROM or Flash.
The functions of the above two parts are the same as those of the prior art.
The key point of the Card Operating System (COS) 202 is that, when it receives the security verification operation instruction, it triggers the prompt input unit 204, receives and verifies the PIN code and the additional verification code, and executes the security verification operation indicated by the instruction when the verification passes.
The prompt input unit 204 prompts the input of the PIN code of the USB Key and the additional verification code for the current operation.
The structure of the prompt input unit 204 varies depending on the additional verification code.
If the additional verification code is a dynamic password, the prompt input unit includes:
a dynamic password generating unit, which generates a dynamic password for the current operation after receiving the trigger notice from the card operating system and transmits it to the display unit; the dynamic password generating unit can run a dedicated cryptographic algorithm, and the algorithm for generating the dynamic password is not limited;
and a display unit, which displays the dynamic password to the user.
If the additional verification code is a biometric identifier, the prompt input unit includes:
a biometric identifier acquisition unit, which receives the trigger notice from the card operating system, acquires the biometric identifier and transmits it to the card operating system. The biometric identifier includes, but is not limited to, a fingerprint, voice, handwriting, and/or iris.
In this case, the memory card already stores a biometric identifier for comparison.
The invention provides a method for implementing verification with a USB Key, which comprises the following steps: the USB Key receives a security verification operation instruction and prompts the input of a PIN code of the USB Key and an additional verification code for the current operation; the received PIN code and additional verification code are verified, and if the verification passes, the security verification operation indicated by the instruction is executed. The invention provides a two-factor USB Key protection strategy of PIN code plus additional verification code, thereby ensuring that a Trojan program or hacker cannot call the USB Key to sign or authenticate identity without the user's knowledge. The security risk of the traditional USB Key is avoided, the user's interests are not threatened, a good environment for internet communication and transactions is created, the loophole in interactive operation is effectively closed, and the problem of using the USB Key in this scenario is solved.
For convenience of description, the invention is described in detail below taking the case in which the additional verification code is a dynamic password as an example.
Refer to fig. 3, which is a schematic diagram of a USB Key according to an embodiment of the present invention for preventing attacks during normal use.
Step 301: the user needs to perform an online bank transfer through a client, and the online bank requires user identity authentication.
Step 302: the operation triggers the USB Key to display a dynamic password a.
Step 303: the client prompts the user to input a password, and the user inputs the PIN code and the dynamic password a.
Step 304: after verifying the PIN code and the dynamic password a input by the user, the card operating system approves the user operation; authentication passes on the basis of the USB Key identity authentication message, and the transfer succeeds.
Step 301': a hacker or Trojan program monitors the user's keyboard input to obtain the PIN code and the dynamic password a.
Step 302': it falsely uses the intercepted PIN code and dynamic password a to access the USB Key for identity authentication.
Step 303': the new operation access triggers the dynamic password generation chip to generate a new password, and the dynamic password b is now displayed on the USB Key. The card operating system compares the PIN code + dynamic password a input by the hacker or Trojan program with the current PIN code + dynamic password b; the verification fails, and the misuse fails.
Referring to fig. 4, it is a flowchart of a process for implementing authentication by using a USB Key according to an embodiment of the present invention.
Step 401: the user enables the USB Key.
Step 402: the USB Key receives a security verification operation instruction, such as an instruction for signing, encrypting, decrypting, or authenticating an identity.
Step 403: a dynamic password for the current operation is generated and displayed to the user.
Step 404: the PIN code and the dynamic password input by the user through the client are received.
Step 405: the received PIN code and dynamic password are verified; if they pass the verification, step 406 is executed, otherwise step 407 is executed.
Here, the specific verification method may be one of the following methods, but is not limited thereto:
a. first verifying whether the PIN code from the client is correct; if so, verifying whether the additional verification code from the client is consistent with the dynamic password generated after the USB Key received the security verification operation instruction; and if so, the verification passes;
b. first verifying whether the additional verification code from the client is consistent with the dynamic password generated after the USB Key received the security verification operation instruction; if so, verifying whether the PIN code from the client is correct; and if so, the verification passes;
c. verifying whether the combination of the PIN code and the additional verification code from the client is consistent with the combination of the stored PIN code and the dynamic password generated after the USB Key received the security verification operation instruction; and if so, the verification passes.
Step 406: the security verification operation indicated by the security verification operation instruction, such as signing, encryption, decryption or identity authentication, is executed, and the process ends.
Step 407: it is judged whether the set threshold on the number of verification attempts is exceeded; if so, the operation ends; otherwise step 404 is re-executed, that is, the PIN code and the dynamic password re-entered by the user through the client are received. It can be understood that the dynamic password re-entered by the user through the client in this embodiment is the same as the dynamic password entered last time.
It should be noted that there is also a possible implementation for step 407 in fig. 4: when the set verification time threshold is not exceeded, step 403 may be executed again, that is, the USB Key regenerates the dynamic password for the current operation and displays the dynamic password to the user, where the dynamic password re-input by the user through the client is different from the dynamic password input last time. That is to say, the dynamic password applied in each verification is different from the previous dynamic password, so that the security of the USB Key is better protected.
Step 407 is an optional step to avoid authentication failure due to user input error.
Therefore, in the embodiment of the invention, when an external party (client or Trojan program) requests the USB Key to sign or authenticate identity, the dynamic password generation unit is triggered to generate a dynamic password and display it on the USB Key's display; at the same time, the client pops up a dialog box requiring the user to input the current dynamic password. Only after the verification succeeds is the signature or authentication operation carried out, which eliminates the security risk of replay attack. After one security verification operation the dynamic password changes automatically, so that even if a Trojan program or hacker intercepts the last verification message (the PIN code and the last dynamic password), the USB Key cannot be called.
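The following added example (not part of the original text) models the Fig. 3 and Fig. 4 flow in Python: a fresh dynamic password per operation, the combined PIN and password check, and both retry variants of step 407. The class and method names, the six-digit random password and the reading of the threshold as a maximum number of failed attempts are assumptions; the text leaves the generation algorithm open.

```python
import hmac
import secrets


class SimulatedUsbKey:
    """Toy model of the card operating system checks in steps 402-407."""

    def __init__(self, pin, max_attempts=3, regenerate_on_retry=True):
        self._pin = pin                          # stored PIN, never leaves the token
        self._max_attempts = max_attempts        # assumed reading of the retry threshold
        self._regenerate = regenerate_on_retry   # False: retry reuses the same password
        self._pending = None                     # operation awaiting verification
        self._otp = None                         # dynamic password for that operation
        self._last_otp = None
        self._attempts = 0

    def _new_otp(self):
        # Constructed generator: six random digits, redrawn if equal to the
        # previous value so consecutive passwords always differ.
        while True:
            otp = f"{secrets.randbelow(10**6):06d}"
            if otp != self._last_otp:
                self._last_otp = otp
                return otp

    def request_operation(self, operation):
        """Steps 402-403: accept an instruction and show a fresh password."""
        self._pending, self._attempts = operation, 0
        self._otp = self._new_otp()
        return self._otp                         # stands in for the on-device display

    def displayed(self):
        """What the token's display currently shows (None when idle)."""
        return self._otp

    def submit(self, pin, otp):
        """Steps 404-407: verify PIN and dynamic password from the client."""
        if self._pending is None:
            return "no-pending-operation"
        # Combined check (mode c): both must match, with no early exit
        # that would reveal which of the two values was wrong.
        pin_ok = hmac.compare_digest(pin.encode(), self._pin.encode())
        otp_ok = hmac.compare_digest(otp.encode(), self._otp.encode())
        if pin_ok and otp_ok:
            done, self._pending, self._otp = self._pending, None, None
            return f"executed:{done}"            # step 406; the password is now spent
        self._attempts += 1
        if self._attempts >= self._max_attempts:
            self._pending = self._otp = None     # step 407: threshold reached
            return "aborted"
        if self._regenerate:
            self._otp = self._new_otp()          # variant that returns to step 403
        return "retry"


def replay_scenario():
    """Fig. 3: a captured PIN + password 'a' is replayed against a new operation."""
    key = SimulatedUsbKey(pin="2468")            # constructed sample PIN
    otp_a = key.request_operation("sign transfer (user)")
    user_result = key.submit("2468", otp_a)
    captured = ("2468", otp_a)                   # what a keyboard monitor recorded
    otp_b = key.request_operation("sign transfer (replayed)")
    replay_result = key.submit(*captured)        # compared against password 'b'
    return user_result, replay_result, otp_a != otp_b


if __name__ == "__main__":
    print(replay_scenario())
```

The replayed pair fails because the second request made the token issue password b, which appears only on the device display and was never typed on the monitored keyboard.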
Because the dynamic password introduced in the embodiment of the invention is displayed on the USB Key, it is convenient for the user to read and easy to input, so compared with the traditional USB Key it does not raise the barrier to use. In particular, the randomness, dynamic nature and uniqueness of the dynamic password effectively prevent hackers or Trojan programs from mounting guessing attacks, dictionary attacks and exhaustive attacks on the user's USB Key.
Yet another possible implementation is that the additional verification code for the current operation is a biometric identifier, and the processing flow is similar to that of fig. 4, except that:
i. step 403 is not required, because a biometric identifier is used;
ii. in step 404, a PIN code input by the user through the client and a biometric identifier input through the USB Key are received, and the step of verifying the received PIN code and additional verification code may be one of the following, but is not limited to these:
first verifying whether the PIN code from the client is correct; if so, verifying whether the biometric identifier received through the USB Key is the same as a prestored biometric identifier; and if so, the verification passes; or,
first verifying whether the biometric identifier received through the USB Key is the same as a prestored biometric identifier; if so, verifying whether the PIN code from the client is correct; and if so, the verification passes; or,
verifying whether the combination of the received PIN code and biometric identifier is consistent with the combination of the stored PIN code and the stored biometric identifier; and if so, the verification passes.
Similarly, the biometric identifier includes, but is not limited to, a fingerprint, voice, handwriting, and/or iris.
In the embodiment of the invention, when an external party (client or Trojan program) requests the USB Key to sign or authenticate identity, the biometric identifier acquisition unit is triggered to acquire the biometric identifier, and the signature or authentication operation is carried out only after the verification succeeds, which eliminates the security risk of replay attack. After one security verification operation, the next operation again requires the user to input the biometric identifier through the USB Key, so that even if a Trojan program or hacker intercepts the last verification message, the USB Key cannot be called.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.