The system and method for management intelligent cipher key equipment
Technical field
The present invention relates to information security field, particularly a kind of system and method managing intelligent cipher key equipment.
Background technology
Intelligent cipher key equipment is widely used in the ecommerce such as Web bank, E-Government field, it is a kind of small hardware device with processor and memory, data communication interface by terminals such as such as computers is connected with terminal, utilize the built-in certification of key algorithm realization to user identity, usually store key and the digital certificate of user in intelligent cipher key equipment, user data (as personal document's data, photo etc. relate to the data of privacy of user) can also be stored.At present, along with the development of the universal of intelligent mobile terminal and wireless technology, the use of intelligent cipher key equipment is applied to mobile terminal from PC end gradually, and typical product is such as bluetooth-type intelligent cipher key equipment (bluetooth Key).
When intelligent cipher key equipment is lost, although can report the loss to provider and make up a new equipment, but there is safety issue in the key devices lost, the key devices lost is because None-identified is certainly as reporting the loss equipment, even if therefore report the loss equipment by provider to make up, but the key devices of this loss is still available devices, be easy to falsely used by the person of picking up or crack thus obtain privacy of user data.
Summary of the invention
For this reason, the invention provides a kind of system and method managing intelligent cipher key equipment, to solve the problem of data safety after hardware device loss.
One aspect of the present invention provides a kind of system managing intelligent cipher key equipment, comprising: comprise server and described intelligent cipher key equipment, wherein:
Described server comprises:
Memory module, is configured to the identification information and the status information of equipment that store described intelligent cipher key equipment;
Report the loss module, what be configured to submit to according to user reports the loss request, and the equipment state of described intelligent cipher key equipment is labeled as the state of reporting the loss; And
Processing module, be configured at described intelligent cipher key equipment by its equipment state of identification information-enquiry according to described intelligent cipher key equipment when terminal and described server communication, if its equipment state is the state of reporting the loss, then issue protection instruction to this intelligent cipher key equipment;
Described intelligent cipher key equipment comprises:
Protection module, is configured to receive and resolves the described protection instruction from described server, and performs protection operation according to described protection instruction,
Wherein said protection operation comprises the operation of the data removing described intelligent cipher key equipment storage inside.
Preferably, the identification information of described intelligent cipher key equipment is that described server is acquired by described terminal.
Preferably, in described server, described memory module is further configured to the corresponding relation between the identification information storing account and/or password and described intelligent cipher key equipment, described processing module is further configured to account and/or password according to being received from described terminal, utilizes described corresponding relation to find out the identification information of described intelligent cipher key equipment.
Preferably, in described server, described processing module is further configured to when the described identification information utilizing described corresponding relation to find out is not unique, obtains the identification information of described intelligent cipher key equipment from described terminal.
Preferably, described server comprises authentication module further, and described authentication module is configured to pass verifies whether the account of described user input and/or password effectively verify whether described user is authorized user.
Preferably, in described server, described authentication module is further configured to by verifying whether the account that described user inputs and/or password and name and/or identification card number effectively verify whether described user is authorized user.
Preferably, the data of described intelligent cipher key equipment storage inside comprise digital certificate, key and user data.
Preferably, described protection operation also comprises the various functions forbidding described intelligent cipher key equipment and the operation of reporting the loss state in described intelligent cipher key equipment internal labeling.
Preferably, described intelligent cipher key equipment is bluetooth key, and the identification information of described intelligent cipher key equipment comprises: No. ID, MAC Address, unique sequence numbers or other self-defining there is uniquely identified information.
The present invention also provides a kind of method managing intelligent cipher key equipment on the other hand, comprising:
The identification information of server stores intelligent cipher key equipment and status information of equipment;
What described server was submitted to according to user reports the loss request, and the equipment state of described intelligent cipher key equipment is labeled as the state of reporting the loss;
At described intelligent cipher key equipment by its equipment state of identification information-enquiry according to described intelligent cipher key equipment when terminal and described server communication, if its equipment state is the state of reporting the loss, then issue protection instruction to this intelligent cipher key equipment;
Described intelligent cipher key equipment receives and resolves the described protection instruction from described server, and performs protection operation according to described protection instruction,
Wherein said protection operation comprises the operation of the data removing described intelligent cipher key equipment storage inside.
Preferably, the identification information of described intelligent cipher key equipment is that described server is acquired by described terminal.
Preferably, the method comprises further:
Described server is according to the account and/or the password that are received from described terminal, and the corresponding relation between the identification information of the account utilizing it to store and/or password and described intelligent cipher key equipment finds out the identification information of described intelligent cipher key equipment.
Preferably, the method comprises further:
Described server, when the described identification information utilizing described corresponding relation to find out is not unique, obtains the identification information of described intelligent cipher key equipment from described terminal.
Preferably, the method comprises described server further by verifying whether the account that described user inputs and/or password effectively verify whether described user is authorized user.
Preferably, the method comprises described server further by verifying whether the account that described user inputs and/or password and name and/or identification card number effectively verify whether described user is authorized user.
Preferably, described protection operation also comprises the various functions forbidding described intelligent cipher key equipment and the operation of reporting the loss state in described intelligent cipher key equipment internal labeling.
According to system or the method for management intelligent cipher key equipment provided by the present invention; if there is the situation losing intelligent cipher key equipment; equipment state is labeled as by submitting the request of reporting the loss to the state of reporting the loss by user on the server; and afterwards once intelligent cipher key equipment is by terminal and described server communication; server just can inquire its equipment state for the state of reporting the loss according to the identification information of equipment; and make device clear internal data by issuing protection instruction, ensure secure user data.
Accompanying drawing explanation
Fig. 1 is the structural representation of the system of the management intelligent cipher key equipment of the embodiment of the present invention.
Fig. 2 is the schematic flow sheet of the method for the management intelligent cipher key equipment of the embodiment of the present invention.
Embodiment
For making those skilled in the art understand the present invention better, with reference to the accompanying drawings embodiments of the invention are described in detail.
Fig. 1 is the structural representation of the system of the management intelligent cipher key equipment of the embodiment of the present invention.As shown in Figure 1, the system of management intelligent cipher key equipment, comprises server 10 and intelligent cipher key equipment 20 (for convenience of describing, being also called for short " equipment " below), wherein:
Server 10 comprises:
Memory module, is configured to the identification information and the status information of equipment that store intelligent cipher key equipment 20; Wherein, status information of equipment can comprise normal condition, report the loss state, is defaulted as normal condition;
Report the loss module, what be configured to submit to according to user reports the loss request, and the equipment state of intelligent cipher key equipment 20 is labeled as the state of reporting the loss; And
Processing module, is configured to when intelligent cipher key equipment 20 is communicated with server 10 by terminal 30 according to its equipment state of the identification information-enquiry of intelligent cipher key equipment 20, if its equipment state is the state of reporting the loss, then issues protection instruction to intelligent cipher key equipment 20;
Intelligent cipher key equipment 20 comprises:
Protection module, is configured to receive and resolves the protection instruction from server 10, and performs protection operation according to protection instruction, and wherein protection operation comprises the operation of the data removing intelligent cipher key equipment 20 storage inside.
According to the system of the present embodiment; when equipment is lost; user can submit the request of reporting the loss to; and afterwards once intelligent cipher key equipment 20 is communicated with server 10 by terminal 30; server 10 just can inquire its equipment state for the state of reporting the loss according to the identification information of equipment 20; and make equipment 20 protected to remove internal data by issuing protection instruction, protect secure user data.
In the present embodiment, user submits to the mode of request of reporting the loss can have multiple specific implementation, specifically: user can by the account of input and/or password login server 10, server 10 inquires equipment 20 (such as, identification information by equipment 20), then user submits the request of this equipment state of change to; Or submit to after user login services device 10 and report the loss request, report the loss in request the identification information containing this equipment 20, server 10 directly carries out according to the request of reporting the loss the operation changing equipment state; Or user submits to directly to server 10 and reports the loss request, reports the loss in request the identification information containing account and/or password and this equipment 20, server 10 judge to report the loss in request account and/or password effectively after this equipment state is changed to the state of reporting the loss; Again or, user can also after Successful login server 10, and equipment state is labeled as the state of reporting the loss by the user interface provided by server 10; Even in some cases, user can submit to it to report the loss request by the mode such as phone, interview to the contact staff of service provider, after its request of reporting the loss submitted to is by examination & verification, by the technician of service provider one side, the equipment state of this equipment 20 stored in server 10 is modified as the state of reporting the loss.
For guaranteeing the safety and effectiveness reporting the loss operation better, user is preferably the authorized user verified through server 10, thus server 10 correspondingly can comprise authentication module, whether authentication module whether effectively to carry out authentication of users be authorized user if being configured to pass the account of authentication of users input and/or password.For guaranteeing to submit to the user of the request of reporting the loss to be authorized user further, preferably, whether whether the account that inputted by authentication of users of the authentication module of server 10 and/or password and name and/or identification card number effectively carry out authentication of users is authorized user.
The identification information of intelligent cipher key equipment 20 can be that server 10 is acquired by terminal 30.When the equipment lost is obtained by unauthorized user; once equipment is communicated with server 10 by terminal by unauthorized user; server 10 is just by the identification information of terminal 30 equipment 20; such server 10 can by identification information-enquiry to status information of equipment; and when discovering device state is for reporting the loss state, send protection instruction to equipment 20.
Protection operation specifically can comprise the operation of removing the data that device interior stores, and wherein the data of intelligent cipher key equipment 20 storage inside can comprise digital certificate, key and user data, can also comprise status information of equipment and instructions parse algorithm; Secure user data is ensured to maximize.
The various functions of disablement device 20 can also be comprised to the protection operation of equipment 20 and report the loss the operation of state in equipment internal labeling; Thus can make equipment 20 can not use by unauthorized user.
When inquiring the normal condition of equipment state not for the state of reporting the loss, server 10 can with equipment 20 proper communication.
Typical intelligent cipher key equipment 20 is such as bluetooth key.The identification information of equipment 20 can include but not limited to: No. ID, MAC Address, unique sequence numbers or other self-defining there is uniquely identified information.
Server 10 can be physical server or the Cloud Server of networking.
In the system of the management intelligent cipher key equipment of another embodiment of the present invention, memory module in server can also store account and/or the corresponding relation between password and the identification information of intelligent cipher key equipment, processing module can also, according to account and/or the password being received from terminal, utilize corresponding relation to find out the identification information of intelligent cipher key equipment.In not only device losses, and account and/or password are also by the above-mentioned situation revealed, and server also can find out the identification information of equipment according to corresponding relation, and then inquires status information of equipment.Visible, the present embodiment also can ensure secure user data in these cases well.
In the system of another embodiment of the present invention, the processing module in server when the identification information utilizing corresponding relation to find out is not unique, can also obtain the identification information of intelligent cipher key equipment from terminal.In other words, in some cases, single account and/or corresponding codon pair have answered multiple equipment, namely, now by this account and/or the corresponding cipher inquiry identification information to multiple equipment, in the case, server can determine equipment state by the identification information obtaining intelligent cipher key equipment from terminal.
As shown in Figure 2, the embodiment of the present invention additionally provides a kind of method managing intelligent cipher key equipment, comprising:
The identification information of server stores intelligent cipher key equipment and status information of equipment;
What server was submitted to according to user reports the loss request, and the equipment state of intelligent cipher key equipment is labeled as the state of reporting the loss;
At intelligent cipher key equipment by its equipment state of identification information-enquiry according to intelligent cipher key equipment when terminal and server communication, if its equipment state is the state of reporting the loss, then issue protection instruction to this intelligent cipher key equipment;
Intelligent cipher key equipment receives and resolves the protection instruction from server, and performs protection operation according to protection instruction,
Wherein protection operation comprises the operation of the data removing intelligent cipher key equipment storage inside.
Pass through said method; after the intelligent cipher key equipment lost " is reported the loss " by user on the server; for this equipment being again connected to server by terminal; server can check equipment state; if be the state of reporting the loss; then send protection instruction to this equipment, ensure the safety of data in equipment well.
In addition, protection operation can also comprise the various functions of forbidding intelligent cipher key equipment and report the loss the operation of state in intelligent cipher key equipment internal labeling.Make the intelligent cipher key equipment lost can not be continued to use by unauthorized user.
For the acquisition of the identification information of equipment, as in embodiment above, can be acquired by terminal by server.In addition, also can by server according to the account and/or the password that are received from terminal, the account utilizing it to store and/or the corresponding relation between password and the identification information of intelligent cipher key equipment find out the identification information of intelligent cipher key equipment; When the identification information found out is not unique, server can obtain the identification information of intelligent cipher key equipment further from terminal.
The identification information of intelligent cipher key equipment can include but not limited to: No. ID, MAC Address, unique sequence numbers or other self-defining there is uniquely identified information.
For guaranteeing that the user submitting the request of reporting the loss to has corresponding authority, the identity that server generally tackles user is verified, whether whether the account such as inputted by authentication of users and/or password and name and/or identification card number effectively carry out authentication of users is authorized user.
The present invention is not limited to above-mentioned specific embodiment; do not deviating under the present invention's spirit and real situation thereof; those of ordinary skill in the art can make various corresponding change and distortion according to the present invention, but these corresponding changes and distortion all should belong within the protection range of claims of the present invention.