CN103310143B - A worker identity authentication method based on ROM (read-only memory) - Google Patents

Info

Publication number: CN103310143B
Authority: CN (China)
Prior art keywords: read, rom, operation system, memory, personal information
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201310161296.0A
Other languages: Chinese (zh)
Other versions: CN103310143A (en)
Inventor: 韩元利
Current Assignee: China Railway Siyuan Survey and Design Group Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: China Railway Siyuan Survey and Design Group Co Ltd
Events: application filed by China Railway Siyuan Survey and Design Group Co Ltd; priority to CN201310161296.0A; publication of CN103310143A; application granted; publication of CN103310143B

Landscapes

  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a worker identity authentication method based on ROM (read-only memory), comprising the following steps. 1: the employee's information is written into the corresponding ROM (read-only memory); 2: in the secure service system, the enterprise, individuals and access rights that may open this secure service system are set, and the worker authentication logic is set according to these settings; 3: the employee inserts the ROM (read-only memory) into a computer and enters the secure service system that requires authentication, and the secure service system performs worker authentication; 4: if the company information, personally identifiable information and access authority information in the ROM (read-only memory) pass worker authentication, the operation system is decrypted. The method uses firmware-based authentication of workers, which can reduce the enterprise's investment in authentication and improve the reliability of password protection for the related programs.

Description

A worker identity authentication method based on ROM (read-only memory)
Technical field
The present invention relates to the technical field of information authentication, and in particular to a worker identity authentication method based on ROM (read-only memory).
Background art
Many enterprises run a very large number of information systems, such as office automation systems, production and operation systems, financial systems and performance appraisal systems. As enterprises pay more and more attention to lean management, the number of information systems that regulate employees' work procedures has also become very large. Most of them are stand-alone desktop programs that run outside the network, an approach that is both secure and confidential. For most information management systems that are outsourced or belong to different departments, a separate personnel database usually has to be built again. However, the cost of developing, maintaining and deploying a personnel database is quite high, and unsynchronized updates between system platforms cause problems such as information redundancy and inconsistent information.
With current information systems, users have many user names and passwords to remember and easily confuse them. For a system that is used only once a month, once a quarter or even once a year, such as a performance appraisal system, forgetting the password is commonplace. Mixing personal financial passwords with work passwords also easily leads to leaks of confidential information.
Summary of the invention
The object of the present invention is to provide a worker identity authentication method based on ROM (read-only memory). The method uses firmware-based authentication of workers, which can reduce the enterprise's investment in authentication and improve the reliability of password protection for the related programs.
To achieve this object, the worker identity authentication method based on ROM (read-only memory) designed by the present invention is characterized in that it comprises the following steps:
Step 1: write the personal information of each enterprise employee into a corresponding ROM (read-only memory), so that different employees have different unique identification information;
Step 2: in the operation system that requires authentication, set the personal information requirement for entering this operation system;
Step 3: the employee inserts the ROM (read-only memory) obtained in Step 1, with the personal information written in it, into a computer and opens the operation system that requires authentication. The operation system reads the employee's personal information recorded in the inserted ROM (read-only memory) and authenticates it by comparison against the personal information requirement set in Step 2. If the personal information recorded in the ROM (read-only memory) meets the requirement for entering this operation system, entry is allowed; otherwise entry is refused.
When personal information is written into the ROM (read-only memory) in Step 1, a two-level input password is used: the first-level input password is bound to the enterprise's unique identification information, and the second-level input password is bound to the employee information. The first-level input password is held by the developer, and the second-level input password is set by the enterprise itself.
The personal information comprises personally identifiable information, access authority information and information on the employee's enterprise; the access authority information sets different access levels according to the employee's position in the enterprise.
In Step 1, the personal information of the enterprise employee is written into the corresponding ROM (read-only memory) in a uniquely encrypted form.
In Step 1, the storage format of the employee's personal information is customized according to the enterprise's own needs.
The comparison and authentication process in Step 3 is implemented as logic inside the operation system.
The operation systems requiring authentication are the various desktop software, network systems and encrypted documents that restrict personnel access.
In Step 1, a list of designated accessible operation systems is also written into the corresponding ROM (read-only memory). In Step 3, the operation system first determines whether it is itself on this list; if so, the operation system is entered directly; if not, the subsequent comparison and authentication of the employee's personal information is carried out.
In Step 1, the time limit of the operation system is also formatted as a string together with the corresponding operation system name and then written into the corresponding ROM (read-only memory). In Step 2, the specified dates on which this operation system may be entered are also set in the operation system. In Step 3, the operation system first determines whether the current date falls within the specified dates; if so, the subsequent comparison and authentication of the employee's personal information continues; if not, access to the operation system is interrupted.
The encrypted document is a Word or Excel document. VBA authentication code is injected into the Word or Excel documents to apply firmware-based encryption authorization to them in batches. A Word or Excel document processed in this way can be opened only when the corresponding ROM (read-only memory) is present and the identity meets the requirement set when the file was encrypted.
The beneficial effects of the present invention are:
1) the password authentication step when an employee enters a system is eliminated, which simplifies work procedures and improves work efficiency;
2) problems such as lost passwords and confused passwords in an enterprise's multi-system working environment are avoided;
3) the repeated, large development and maintenance costs for personal information are reduced when developing operation systems such as the enterprise's many information, finance, management, production and operation, and performance systems; database and network deployment costs are reduced as well;
Brief description of the drawings
Fig. 1 shows the process of automatically performing authentication and authorization in Word and Excel software.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the drawing and specific embodiments:
The worker identity authentication method based on ROM (read-only memory) designed by the present invention comprises the following steps:
Step 1: write the personal information of each enterprise employee into a corresponding ROM (read-only memory), so that different employees have different unique identification information; once this information has been written, the ROM (read-only memory) becomes the worker's identification card;
Step 2: in the operation system that requires authentication, set the personal information requirement for entering this operation system;
Step 3: the employee inserts the ROM (read-only memory) obtained in Step 1, with the personal information written in it, into a computer and opens the operation system that requires authentication. The operation system reads the employee's personal information recorded in the inserted ROM (read-only memory) and authenticates it by comparison against the personal information requirement set in Step 2. If the personal information recorded in the ROM (read-only memory) meets the requirement for entering this operation system, entry is allowed; otherwise entry is refused.
In the above technical solution, when personal information is written into the ROM (read-only memory) in Step 1, a two-level input password is used: the first-level input password is bound to the enterprise's unique identification information, and the second-level input password is bound to the employee information. The first-level input password is held by the developer, and the second-level input password is set by the enterprise itself.
In the above technical solution, the personal information comprises personally identifiable information, access authority information and information on the employee's enterprise; the access authority information sets different access levels according to the employee's position in the enterprise.
In the above technical solution, in Step 1 the personal information of the enterprise employee is written into the corresponding ROM (read-only memory) in a uniquely encrypted form. Without authorization from the developer and the enterprise's personnel department, the employee's identity information cannot be cracked even if memory-access software is developed illegally.
In the above technical solution, in Step 1 the storage format of the employee's personal information is customized according to the enterprise's own needs.
In the above technical solution, the comparison and authentication process in Step 3 is implemented as logic inside the operation system; it is not implemented through the ROM (read-only memory) accessing a read-only database. The identity requirement for entering the secure service system set in Step 2 can be defined flexibly and entirely by the operation system's developer, and several identity requirements can be set at the same time.
In the above technical solution, the operation systems requiring authentication are the various desktop software, network systems and encrypted documents that restrict personnel access.
In Step 1 of the above technical solution, a list of designated accessible operation systems is also written into the corresponding ROM (read-only memory). In Step 3, the operation system first determines whether it is itself on this list; if so, the operation system is entered directly; if not, the subsequent comparison and authentication of the employee's personal information is carried out. This list of designated accessible secure service systems has the highest priority.
In Step 1 of the above technical solution, the time limit of the operation system is also formatted as a string together with the corresponding operation system name and then written into the corresponding ROM (read-only memory). In Step 2, the specified dates on which this operation system may be entered are also set in the operation system. In Step 3, the operation system first determines whether the current date falls within the specified dates; if so, the subsequent comparison and authentication of the employee's personal information continues; if not, access to the operation system is interrupted.
Only the enterprise's personnel department has the means to set and modify the employee personal information of Step 1 in the above technical solution; no other application developer can modify the identity information recorded in the ROM (read-only memory). To guarantee the personnel department's exclusive right to set and modify this information, in addition to the dedicated application software provided for burning information into the ROM (read-only memory), an encryption password set by the enterprise itself is also required before information can be written.
The above technical solution changes the previous approach, in which each piece of software authenticated the user by password, into one in which the software automatically binds to and authenticates the worker identification card. This saves the development and maintenance work on employee information in the secure service system.
In the above technical solution, an enterprise unique identifier is also written into the ROM (read-only memory). This identifier is formed by encrypting a two-level password, and the developer and the enterprise each hold their own level of the password. This guarantees the identifier's uniqueness as well as the enterprise's autonomy, so that the firmware provider cannot make worker cards for the enterprise's employees without authorization.
In the above technical solution, for an encrypting ROM (read-only memory), information is written using the ROM's built-in encryption, and when the information is read it is likewise decrypted by the ROM (read-only memory), which ensures the security of the information. For non-encrypting firmware, bytes can be written and read directly, or encryption and decryption can be performed in software.
In the above technical solution, a unique worker identification card is made for each employee by the method of Step 1.
In the above technical solution, the encrypted document is a Word or Excel document. VBA (Visual Basic for Applications) authentication code is injected into the Word or Excel documents to apply firmware-based encryption authorization to them in batches. A Word or Excel document processed in this way can be opened only when the corresponding ROM (read-only memory) is present and the identity meets the requirement set when the file was encrypted.
The following describes how the commonly used secure service software Word and Excel performs authentication and authorization automatically. As shown in Fig. 1, the process comprises the following steps:
Step SS201: select the documents to be encrypted and authorized; multiple Word and Excel files can be selected in a batch. Set the authorization options for the documents:
1: enterprise user permission can be selected, so that any member of the enterprise can access the documents, while persons without a worker identification card, or employees holding another enterprise's identification card, cannot open them;
2: access can be limited to certain departments of the enterprise; the identification cards of personnel outside the designated departments cannot open the documents;
3: access can be limited to the identification cards of employees with a certain professional title or post; the identification cards of personnel without the designated title or post cannot open the documents;
4: access can be limited to the identification cards of employees whose grade is greater than, equal to or less than a given authorization level; the personnel department writes each employee's grade into the worker identification card, and an employee holding a card whose grade does not satisfy the condition cannot open the documents;
5: access can also be locked to the identification cards of certain specific persons; nobody else can access the documents;
More complex authentication logic can be set up flexibly according to actual needs;
Step SS202: from the above authorization settings, the encryption program automatically generates the VBA (Visual Basic for Applications) authentication code;
Step SS203: the VBA authentication code is written into the document, the identification card access library is added to the document's references, and the code is set as the event response code for opening the document, so that when the document is opened the VBA authentication code is called automatically to perform authentication.
Step SS204: to prevent the distributed document from being tampered with, a read lock must be applied to the document. Once the security of the document is ensured, the encryption work is complete and the document can be distributed.
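The check order of Step 3 and authorization options 1 to 5 above, written out as an added Python example that is not part of the patent or of its VBA code. The key=value card layout, the field names and the names CardRecord, Requirement, parse_card, authorize and authorize_text are assumptions for illustration, and the card content is taken as already decrypted.

```python
import operator
from dataclasses import dataclass, field
from datetime import date

# Option 4 compares the grade on the card with a given authorization level.
GRADE_OPS = {">": operator.gt, ">=": operator.ge, "==": operator.eq,
             "<=": operator.le, "<": operator.lt}

# Constructed sample of decrypted card content; the key=value layout is assumed.
SAMPLE_CARD = """\
enterprise=ENT-001
employee=E1024
department=Finance
title=Engineer
grade=3
systems=Payroll
limit=PerfReview:2013-05-01:2013-12-31
"""

@dataclass
class CardRecord:
    enterprise_id: str
    employee_id: str
    department: str
    title: str
    grade: int
    allowed_systems: frozenset = frozenset()         # designated access list
    time_limits: dict = field(default_factory=dict)  # system name -> (start, end)

@dataclass
class Requirement:
    """Personal information requirement set in the operation system (Step 2)."""
    system_name: str
    enterprise_id: str                    # option 1
    departments: frozenset = frozenset()  # option 2; empty means unrestricted
    titles: frozenset = frozenset()       # option 3
    grade_rule: tuple = ()                # option 4, e.g. (">=", 3)
    employees: frozenset = frozenset()    # option 5

def parse_card(text):
    """Parse card text; raises KeyError or ValueError on a malformed record."""
    fields, limits = {}, {}
    for line in text.strip().splitlines():
        key, _, value = line.strip().partition("=")
        if key == "limit":
            name, start, end = value.split(":")
            limits[name] = (date.fromisoformat(start), date.fromisoformat(end))
        else:
            fields[key] = value
    systems = frozenset(s for s in fields.get("systems", "").split(";") if s)
    return CardRecord(fields["enterprise"], fields["employee"], fields["department"],
                      fields["title"], int(fields["grade"]), systems, limits)

def authorize(card, req, today):
    """Return (allowed, reason), checking in the order Step 3 describes."""
    # The designated access list has the highest priority: enter directly.
    if req.system_name in card.allowed_systems:
        return True, "system on designated access list"
    # Time limit recorded on the card for this system name, if any.
    limit = card.time_limits.get(req.system_name)
    if limit and not (limit[0] <= today <= limit[1]):
        return False, "outside permitted dates"
    if card.enterprise_id != req.enterprise_id:
        return False, "other enterprise"
    if req.departments and card.department not in req.departments:
        return False, "department not permitted"
    if req.titles and card.title not in req.titles:
        return False, "title not permitted"
    if req.grade_rule and not GRADE_OPS[req.grade_rule[0]](card.grade, req.grade_rule[1]):
        return False, "grade not permitted"
    if req.employees and card.employee_id not in req.employees:
        return False, "employee not listed"
    return True, "personal information meets requirement"

def authorize_text(text, req, today):
    """Fail closed: a missing, unreadable or malformed card is refused."""
    try:
        card = parse_card(text)
    except (AttributeError, KeyError, ValueError):
        return False, "card unreadable"
    return authorize(card, req, today)
```

Every branch that does not explicitly match ends in a refusal, and a card that cannot be parsed is refused before any requirement is evaluated.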
Content not described in detail in this specification belongs to the prior art known to those skilled in the art.

Claims (5)

1. A worker identity authentication method based on ROM (read-only memory), characterized in that it comprises the following steps:
Step 1: write the personal information of each enterprise employee into a corresponding ROM (read-only memory), so that different employees have different unique identification information;
Step 2: in the operation system that requires authentication, set the personal information requirement for entering this operation system;
Step 3: the employee inserts the ROM (read-only memory) obtained in Step 1, with the personal information written in it, into a computer and opens the operation system that requires authentication; the operation system reads the employee's personal information recorded in the inserted ROM (read-only memory) and authenticates it by comparison against the personal information requirement set in Step 2; if the personal information recorded in the ROM (read-only memory) meets the requirement for entering this operation system, entry is allowed; otherwise entry is refused;
When personal information is written into the ROM (read-only memory) in Step 1, a two-level input password is used: the first-level input password is bound to the enterprise's unique identification information, and the second-level input password is bound to the employee information; the first-level input password is held by the developer, and the second-level input password is set by the enterprise itself;
The comparison and authentication process in Step 3 is implemented as logic inside the operation system;
The operation systems requiring authentication are the various desktop software, network systems and encrypted documents that restrict personnel access;
In Step 1, a list of designated accessible operation systems is also written into the corresponding ROM (read-only memory); in Step 3, the operation system first determines whether it is itself on this list; if so, the operation system is entered directly; if not, the subsequent comparison and authentication of the employee's personal information is carried out;
The encrypted document is a Word or Excel document; VBA authentication code is injected into the Word or Excel documents to apply firmware-based encryption authorization to them in batches; a Word or Excel document processed in this way can be opened only when the corresponding ROM (read-only memory) is present and the identity meets the requirement set when the file was encrypted.
2. The worker identity authentication method based on ROM (read-only memory) according to claim 1, characterized in that: the personal information comprises personally identifiable information, access authority information and information on the employee's enterprise, and the access authority information sets different access levels according to the employee's position in the enterprise.
3. The worker identity authentication method based on ROM (read-only memory) according to claim 1, characterized in that: in Step 1, the personal information of the enterprise employee is written into the corresponding ROM (read-only memory) in a uniquely encrypted form.
4. The worker identity authentication method based on ROM (read-only memory) according to claim 1, characterized in that: in Step 1, the storage format of the employee's personal information is customized according to the enterprise's own needs.
5. The worker identity authentication method based on ROM (read-only memory) according to claim 1, characterized in that: in Step 1, the time limit of the operation system is also formatted as a string together with the corresponding operation system name and then written into the corresponding ROM (read-only memory); in Step 2, the specified dates on which this operation system may be entered are also set in the operation system; in Step 3, the operation system first determines whether the current date falls within the specified dates; if so, the subsequent comparison and authentication of the employee's personal information continues; if not, access to the operation system is interrupted.

Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310161296.0A (CN103310143B, en) | 2013-05-03 | 2013-05-03 | A worker identity authentication method based on ROM (read-only memory) |

Applications Claiming Priority (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310161296.0A (CN103310143B, en) | 2013-05-03 | 2013-05-03 | A worker identity authentication method based on ROM (read-only memory) |

Publications (2)

| Publication Number | Publication Date |
|---|---|
| CN103310143A | 2013-09-18 |
| CN103310143B | 2016-01-13 |

Family

ID=49135350

Family Applications (1)

| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310161296.0A (Active; CN103310143B, en) | A worker identity authentication method based on ROM (read-only memory) | 2013-05-03 | 2013-05-03 |

Country Status (1)

| Country | Link |
|---|---|
| CN (1) | CN103310143B (en) |

Citations (2)

* Cited by examiner, † Cited by third party

| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1766884A * | 2004-10-27 | 2006-05-03 | 株式会社理光 | Document-management service device, authentication service device, document-management service program, authentication service program, recording medium, document-management service method, and authen |
| CN1912795A * | 2005-08-12 | 2007-02-14 | 北京中天一维科技有限公司 | Identity authentication method and system of off-line information read-write competence based on fingerprint identification |

Family Cites Families (2)

* Cited by examiner, † Cited by third party

| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8909701B2 * | 2003-05-02 | 2014-12-09 | Nokia Corporation | IMS conferencing policy logic |
| JP4466660B2 * | 2007-02-20 | 2010-05-26 | コニカミノルタビジネステクノロジーズ株式会社 | Authentication device, authentication system, authentication method, and authentication program |

Also Published As

| Publication number | Publication date |
|---|---|
| CN103310143A (en) | 2013-09-18 |

Legal Events

| Code | Title |
|---|---|
| C06 | Publication |
| PB01 | Publication |
| C10 | Entry into substantive examination |
| SE01 | Entry into force of request for substantive examination |
| C14 | Grant of patent or utility model |
| GR01 | Patent grant |