CN105554013A - Separate identity authentication apparatus based on USB device, system and method

Info

Publication number: CN105554013A
Authority: CN (China)
Legal status: Pending
Application number: CN201511020343.5A
Other languages: Chinese (zh)
Inventors: 马亚飞, 邹家须, 郭浩, 余小龙, 李新国
Current Assignee: SHENZHEN DIGITAL TV NATIONAL ENGINEERING LABORATORIES Inc
Original Assignee: SHENZHEN DIGITAL TV NATIONAL ENGINEERING LABORATORIES Inc
Application filed by: SHENZHEN DIGITAL TV NATIONAL ENGINEERING LABORATORIES Inc
Priority to: CN201511020343.5A
Publication of: CN105554013A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions

Abstract

The invention discloses a separate identity authentication apparatus based on a USB device, a system and a method. The authentication apparatus comprises a secure computing component and a user verification component, which are separately arranged. The system comprises the separate identity authentication apparatus based on the USB device, as well as an intelligent terminal and a FIDO server. The method comprises a binding step and a payment step. The separate identity authentication apparatus based on the USB device is provided to overcome the insufficient convenience and universality of existing authentication apparatuses. It is implemented according to the FIDO standard, is compatible with other FIDO products, and is applicable to a variety of application scenarios, especially television payment, thereby enhancing the user experience. The separate identity authentication apparatus disclosed by the invention can be widely used in various television payment systems.

Description

Separate identity authentication apparatus based on a USB device, system and method
Technical field
The present invention relates to the field of information security technology, and specifically to an identity authentication apparatus and method for complex network environments (the Internet, the Internet of Things).
Background
FIDO: Fast Identity Online, an online identity authentication standard.
UAF: Universal Authentication Framework, one of the two specifications of the FIDO protocol.
U2F: Universal Second Factor, one of the two specifications of the FIDO protocol.
UKey: a small storage device that connects directly to a computer over USB, provides cryptographic verification functions, and is reliable and fast.
With the development of computer networks and the Internet of Things, new applications and new operating platforms keep emerging, and in the "Internet+" era information security problems are increasingly prominent. Identity authentication has become a key consideration in the development of the Internet and the Internet of Things, and how to identify a user quickly and accurately without adding extra burden has become a much-discussed topic.
Existing online authentication methods fall into the following kinds. The first is user name plus password, in which the user only needs to enter a remembered user name and password at each authentication. The second uses a UKey to strengthen the authentication process, which is especially common in online banking. The third uses a dynamic verification code (SMS verification code, OTP, etc.) to strengthen the authentication process. The latter two still depend on the traditional user name plus password method.
The FIDO standard is an online identity authentication standard released internationally. It is divided into two classes, UAF and U2F. The main mission of FIDO is to create industry standards that ensure interoperability between the strong authentication technologies developed by different vendors, and to use simplified two-factor or even multi-factor authentication to end users' long-standing burden of remembering passwords.
Existing online authentication is still based on the traditional user name and password. This requires users to remember many user names and passwords and to avoid repeating them, and some online transaction platforms in particular impose requirements on password complexity. Users must worry not only about forgetting user names and passwords but also about preventing them from being obtained illegally and causing unnecessary loss.
Second, although a UKey provides a high level of security, there is currently no unified standard. Each bank has its own UKey product and these are not mutually compatible, which is not a good solution for users. In addition, using a UKey is still rather cumbersome.
Furthermore, although dynamic verification codes strengthen the authentication process, they still require the user to enter additional information. This gives a poor experience on terminals with light interaction such as a TV, where entering a lot of information with a remote control degrades the user experience.
The FIDO standard effectively solves these problems. The user does not need to enter a password, a high level of security is provided by using the user's biometric features as the basis of authentication, and the unified standard ensures product compatibility. Current FIDO authentication devices mostly connect via USB, Bluetooth or NFC, and these connection methods have limitations. In the smart TV scenario, for example, USB ports are mostly located at the back or side of the TV, so during authentication the user has to walk up to the TV and press the button on the USB authentication device to complete authentication; and some smart TVs do not support Bluetooth connections.
Summary of the invention
To solve the above technical problems, the object of the present invention is to provide a separate identity authentication apparatus, an authentication system and a method that make television payment convenient, fast and secure.
The technical solution adopted by the present invention is:
A separate identity authentication apparatus based on a USB device comprises a secure computing component and a user verification component that are arranged separately. The secure computing component comprises a security module, a first wireless communication module, a USB communication module and a status prompt module. The user verification component comprises a second wireless communication module, an identity verification module and a power module. The USB communication module is used to connect to an external intelligent terminal. The USB communication module, the first wireless communication module and the status prompt module are all connected to the security module. The first wireless communication module is wirelessly connected to the second wireless communication module, and the second wireless communication module is connected to the identity verification module. The power module supplies operating power to the internal circuits of the user verification component. The secure computing component implements the FIDO protocol, the algorithm library, key management, certificate storage, USB control, wireless transceiver control and status prompting.
Preferably, the identity verification module is a one-key confirmation verification module, an acoustic-wave confirmation verification module, a fingerprint recognition verification module or a voiceprint recognition verification module.
Preferably, the first wireless communication module and the second wireless communication module are connected by Bluetooth, infrared, 2.4G or acoustic-wave wireless connection.
Preferably, the external intelligent terminal is a PC, a smart TV or an OTT box. This embodiment takes a smart TV as the example.
Preferably, the power module comprises a button cell.
Preferably, the user verification component is provided with an adhesive area for fixed attachment.
A separate identity authentication system based on a USB device comprises the separate identity authentication apparatus based on a USB device, and further comprises an intelligent terminal and a FIDO server. A client program runs on the intelligent terminal; the client is connected to the USB communication module, and the client is connected to the FIDO server over the Internet.
A separate identity authentication method based on a USB device is applied to the separate identity authentication system based on a USB device. The method comprises a binding step and a payment step.
The binding step comprises the sub-steps:
S11, the client sends a binding request to the secure computing component over the USB interface and waits for the secure computing component's processing result;
S12, the security module in the secure computing component parses the binding request and, after determining that it is a binding operation, controls the first wireless communication module to send a user verification request to the user verification component; if the secure computing component and the user verification component are connected by one-way communication, it controls the status prompt module to remind the user to perform the verification confirmation operation;
S13, after receiving the request wirelessly, the user verification component wakes the user input module and waits for the user to enter identity verification information;
S14, the identity verification module collects, verifies and stores the user's identity verification information, and forwards the verification result to the secure computing component;
S15, if the secure computing component determines that user verification passed, it performs the further operations of public/private key pair generation, key storage and signing, encapsulates the execution result and sends it to the client through the USB controller;
S16, the client sends the binding request execution result to the FIDO server; the FIDO server is responsible for verifying whether the process is valid and storing the critical data, and then returns a success or failure result;
The payment step comprises the sub-steps:
S21, the client sends an authentication request to the secure computing component over the USB interface and waits for the result of the secure computing component processing the authentication request;
S22, the secure computing component parses the authentication request and, after determining that it is an authentication operation, controls the first wireless communication module to send a user verification request to the user verification component; if the secure computing component and the user verification component are connected by one-way communication, it controls the status prompt module to remind the user to perform the verification confirmation operation;
S23, after receiving the request wirelessly, the user verification component wakes the user input module and waits for the user to enter identity verification information;
S24, if the secure computing component determines that user verification passed, it performs the further operations of key lookup and signing, encapsulates the execution result and sends it to the client through the USB controller;
S25, the client sends the authentication request execution result to the FIDO server; the FIDO server is responsible for verifying whether the process is valid and updating the related data, and returns a success or failure result.
The beneficial effects of the present invention are:
To address the insufficient convenience and universality of existing authentication devices, the present invention proposes a separate authentication apparatus based on a USB device. It is implemented according to the FIDO standard, is compatible with other FIDO products, and is applicable to a variety of application scenarios, especially television payment, where it enhances the user experience. Specifically, by adopting FIDO authentication technology, the invention does not require users to remember many user names and passwords, which reduces the burden of memorization. By adopting a universal standard, compatibility and universality are better and the authentication method is also more secure. By adopting a separate authentication apparatus, usage scenarios and operating procedures are more convenient and flexible, giving a good user experience.
The present invention can be widely used in various television payment systems.
Brief description of the drawings
The specific embodiments of the present invention are further described below with reference to the drawings:
Fig. 1 is a structural diagram of an embodiment of the identity authentication apparatus of the present invention;
Fig. 2 is a system framework diagram of an embodiment of the authentication system of the present invention;
Fig. 3 is a method flowchart of an embodiment of the authentication method of the present invention.
Detailed description
It should be noted that, where no conflict arises, the embodiments in this application and the features in the embodiments may be combined with each other.
As shown in Fig. 1, a separate identity authentication apparatus based on a USB device comprises a secure computing component and a user verification component that are arranged separately. The secure computing component comprises a security module, a first wireless communication module, a USB communication module and a status prompt module. The user verification component comprises a second wireless communication module, an identity verification module and a power module. The USB communication module is used to connect to an external intelligent terminal. The USB communication module, the first wireless communication module and the status prompt module are all connected to the security module. The first wireless communication module is wirelessly connected to the second wireless communication module, and the second wireless communication module is connected to the identity verification module. The power module supplies operating power to the internal circuits of the user verification component. The secure computing component implements the FIDO protocol, the algorithm library, key management, certificate storage, USB control, wireless transceiver control and status prompting.
Preferably, the identity verification module is a one-key confirmation verification module, an acoustic-wave confirmation verification module, a fingerprint recognition verification module or a voiceprint recognition verification module.
Preferably, the first wireless communication module and the second wireless communication module are connected by Bluetooth, infrared, 2.4G or acoustic-wave wireless connection.
Preferably, the external intelligent terminal is a PC, a smart TV or an OTT box.
Preferably, the power module comprises a button cell.
In this embodiment, the authentication apparatus mainly consists of two independent components: the secure computing component and the user verification component. The secure computing component connects to and communicates with the terminal (a personal PC, smart TV, OTT box, etc.) through a USB interface and is powered by the terminal. The user verification component is powered by a battery (button cell or lithium battery). The two communicate over a wireless connection (Bluetooth, infrared, 2.4G, acoustic wave, etc.).
1. The secure computing component mainly comprises the security module, the first wireless communication module, the USB communication module, the status prompt module, etc.
(1) The security module provides the core computation and storage functions for authentication. It consists of a security chip plus some peripheral circuits, and provides hardware-level protection for authentication.
(2) The USB communication module is mainly responsible for interconnecting with the terminal device. It provides data transmission with the terminal device and the power supply for the secure computing component.
(3) The first wireless communication module is connected to the security module through a serial port. It is mainly responsible for sending the data passed over by the security module and receiving the data sent by the user verification component. It comprises a wireless chip, the corresponding antenna, etc.
(4) The status prompt module mainly indicates the user operation state, for example by controlling the blinking of an LED to indicate the different states of the user's current operation.
The secure computing component has the security module at its core, with the other modules connected to it. In the hardware design, the security chip in the security module acts as the main controller.
2. The user verification component mainly comprises the first wireless communication module, the identity verification module, the power module, etc.
(1) The first wireless communication module is mainly responsible for receiving request data from the secure computing component and sending the user identity verification result data.
(2) The identity verification module is mainly responsible for verifying the user's identity, or for simply verifying that the current operation was actively initiated by the user. The verification means it may use include one-key confirmation, acoustic-wave confirmation, fingerprint recognition, voiceprint recognition, etc.
(3) The power module mainly provides the power input for the user verification component, for example a button cell.
The secure computing component and the user verification component come as a pair and can be snapped together when not in use, to prevent one of them being lost through careless placement.
The secure computing component and the user verification component each contain an independent firmware system. The firmware inside the secure computing component is implemented according to the FIDO standard and can quickly be made compatible with other products that meet the FIDO standard. It mainly includes implementations of the FIDO protocol, the algorithm library, key management, certificate storage, USB control, wireless transceiver control, status prompting, etc. The algorithm library includes hash algorithms, digital signature algorithms, symmetric encryption and decryption algorithms, etc. The firmware of the user verification component mainly includes implementations of user input, identity verification, data storage and wireless transceiver control.
Preferably, the user verification component is provided with an adhesive area for fixed attachment. With an adhesive area added, the user verification component can be fixed anywhere, for example on the remote control when using a smart TV, or on the keyboard when using a desktop PC, which increases freedom of use.
A separate identity authentication system based on a USB device comprises the separate identity authentication apparatus based on a USB device, and further comprises an intelligent terminal and a FIDO server. A FIDO client program runs on the intelligent terminal; the FIDO client is connected to the USB communication module, and the FIDO client is connected to the FIDO server over the Internet.
Referring to Fig. 2, taking smart TV payment as the application scenario of the authentication apparatus, the client in Fig. 2 comprises a payment application and a FIDO client. The connections are as follows. The client is connected to the FIDO server over the Internet. The secure computing component of the authentication apparatus is connected to the smart TV through the USB interface, and the payment application uses the USB control API to communicate with the secure computing component connected to the smart TV. The secure computing component is powered by the smart TV's USB port, while the user verification component is powered by its built-in button cell. After power-on the two connect automatically according to a preset method, for example a Bluetooth connection.
A separate identity authentication method based on a USB device is applied to the separate identity authentication system based on a USB device. The method comprises a binding step and a payment step.
The binding step comprises the sub-steps:
S11, the FIDO client sends a binding request to the secure computing component over the USB interface and waits for the secure computing component's processing result;
S12, the security module in the secure computing component parses the binding request and, after determining that it is a binding operation, controls the first wireless communication module to send a user verification request to the user verification component; if the secure computing component and the user verification component are connected by one-way communication, it controls the status prompt module to remind the user to perform the verification confirmation operation;
S13, after receiving the request wirelessly, the user verification component wakes the user input module and waits for the user to enter identity verification information;
S14, the identity verification module collects, verifies and stores the user's identity verification information, and forwards the verification result to the secure computing component;
S15, if the secure computing component determines that user verification passed, it performs the further operations of public/private key pair generation, key storage and signing, encapsulates the execution result and sends it to the FIDO client through the USB controller;
S16, the FIDO client sends the binding request execution result to the FIDO server; the FIDO server is responsible for verifying whether the process is valid and storing the critical data, and then returns a success or failure result;
The payment step comprises the sub-steps:
S21, the FIDO client sends an authentication request to the secure computing component over the USB interface and waits for the result of the secure computing component processing the authentication request;
S22, the secure computing component parses the authentication request and, after determining that it is an authentication operation, controls the first wireless communication module to send a user verification request to the user verification component; if the secure computing component and the user verification component are connected by one-way communication, it controls the status prompt module to remind the user to perform the verification confirmation operation;
S23, after receiving the request wirelessly, the user verification component wakes the user input module and waits for the user to enter identity verification information;
S24, if the secure computing component determines that user verification passed, it performs the further operations of key lookup and signing, encapsulates the execution result and sends it to the FIDO client through the USB controller;
S25, the FIDO client sends the authentication request execution result to the FIDO server; the FIDO server is responsible for verifying whether the process is valid and updating the related data, and returns a success or failure result.
As shown in Fig. 3, the implementation of the method of the present invention is described in detail below, taking TV payment as the example.
Binding procedure:
1. The user uses the remote control to select and execute the authentication device binding operation in the payment application.
2. The payment application submits the user name and password to the server for confirmation and waits for the binding request created by the server.
3. After receiving the binding request from the server, the payment application sends it to the secure computing component through the FIDO client's USB control program and waits for the secure computing component's processing result.
4. The secure computing component parses the binding request and, after determining that it is a binding operation, controls the first wireless communication module to send a user verification request to the user verification component.
5. After receiving the request, the user verification component wakes the user input module and waits for user input. For example, when the user enters fingerprint information in the fingerprint scanning area, the identity verification module extracts the user's fingerprint feature value and determines whether this feature value currently exists; if there is no fingerprint feature value data at all, it stores this feature value, and controls the first wireless communication module to send the user verification result to the secure computing component.
6. If the secure computing component determines that user verification passed, it performs further operations including public/private key pair generation, key storage and signing, encapsulates the execution result in a certain format, and sends it to the FIDO client through the USB controller.
7. The FIDO client sends the binding request execution result to the server through the payment application; the server is responsible for verifying whether the process is valid and storing the critical data, and returns a success or failure result to the payment application.
8. The payment application informs the user whether binding succeeded.
Payment process:
1. The user uses the remote control to select and execute the payment operation in the payment application.
2. The payment application submits the payment request to the server and waits for the authentication request created by the server.
3. After receiving the authentication request from the server, the payment application sends it to the secure computing component through the FIDO client's USB control program and waits for the secure computing component's processing result.
4. The secure computing component parses the authentication request and, after determining that it is an authentication operation, controls the first wireless communication module to send a user verification request to the user verification component.
5. After receiving the request, the user verification component wakes the user input module and waits for user input. For example, when the user enters fingerprint information in the fingerprint scanning area, the identity verification module extracts the user's fingerprint feature value and determines whether the current feature value matches the stored data. If no fingerprint feature data exists at all, verification failure is returned. It then controls the first wireless communication module to send the user verification result to the secure computing component.
6. If the secure computing component determines that user verification passed, it performs further operations including key lookup and signing, encapsulates the execution result in a certain format, and sends it to the FIDO client through the USB controller.
7. The FIDO client sends the authentication request execution result to the server through the payment application; the server is responsible for verifying whether the process is valid and updating the related data, and returns a success or failure result to the payment application.
8. The payment application informs the user whether payment succeeded.
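The binding (S11 to S16) and payment (S21 to S25) flows above, as an added Go example that is not code from the patent: USB and the wireless link are modelled as direct function calls, the fingerprint feature value as a constructed string, and each request as a random server challenge signed with ECDSA P-256 over SHA-256. All type and function names are hypothetical, and the single-use challenge and the rule that a later binding needs a matching sample are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrUserNotVerified = errors.New("user verification failed")

// UserVerifier models the user verification component (constructed template value).
type UserVerifier struct{ template string }

// Check is step 5 of both flows: binding stores the value when none is stored
// (assumption: a later binding needs a match); payment fails when none is stored.
func (v *UserVerifier) Check(sample string, binding bool) bool {
	if binding && v.template == "" {
		v.template = sample
	}
	return sample != "" && v.template == sample
}

// SecureComponent models the USB part: it signs only after Check reports success.
type SecureComponent struct {
	verifier *UserVerifier
	key      *ecdsa.PrivateKey
}

func sign(key *ecdsa.PrivateKey, challenge []byte) ([]byte, error) {
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// Bind is S12-S15: verify the user, generate and store a key pair, sign.
func (s *SecureComponent) Bind(challenge []byte, sample string) (pub *ecdsa.PublicKey, sig []byte, err error) {
	if !s.verifier.Check(sample, true) {
		return nil, nil, ErrUserNotVerified
	}
	if s.key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
		return nil, nil, err
	}
	sig, err = sign(s.key, challenge)
	return &s.key.PublicKey, sig, err
}

// Authenticate is S22-S24: with no bound key or a failed user check, nothing is signed.
func (s *SecureComponent) Authenticate(challenge []byte, sample string) ([]byte, error) {
	if s.key == nil || !s.verifier.Check(sample, false) {
		return nil, ErrUserNotVerified
	}
	return sign(s.key, challenge)
}

// Server models the FIDO server for one account.
type Server struct {
	pub     *ecdsa.PublicKey
	pending []byte
}

// NewChallenge creates the random content of one binding or payment request.
func (srv *Server) NewChallenge() []byte {
	srv.pending = make([]byte, 32)
	if _, err := rand.Read(srv.pending); err != nil {
		panic(err) // never hand out a predictable challenge
	}
	return srv.pending
}

// check consumes the pending challenge, so one response is accepted at most once.
func (srv *Server) check(pub *ecdsa.PublicKey, sig []byte) bool {
	c := srv.pending
	srv.pending = nil
	digest := sha256.Sum256(c)
	return c != nil && pub != nil && ecdsa.VerifyASN1(pub, digest[:], sig)
}

// FinishBind is S16: store the public key only if it verifies the response.
func (srv *Server) FinishBind(pub *ecdsa.PublicKey, sig []byte) bool {
	if !srv.check(pub, sig) {
		return false
	}
	srv.pub = pub
	return true
}

// FinishAuth is S25: verify the response with the key stored at binding.
func (srv *Server) FinishAuth(sig []byte) bool { return srv.check(srv.pub, sig) }

func main() {
	sc, srv := &SecureComponent{verifier: &UserVerifier{}}, &Server{}
	pub, sig, err := sc.Bind(srv.NewChallenge(), "finger-A") // constructed samples
	fmt.Println("bind accepted:", err == nil && srv.FinishBind(pub, sig))
	_, err = sc.Authenticate(srv.NewChallenge(), "finger-B")
	fmt.Println("payment with a different finger:", err)
}
```

The private key never leaves `SecureComponent`; the server only ever holds the public key and a challenge it generated itself.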
The above describes preferred implementations of the present invention, but the invention is not limited to the described embodiments. Those of ordinary skill in the art can make various equivalent variations or substitutions without departing from the spirit of the present invention, and these equivalent variations or substitutions are all included within the scope defined by the claims of this application.

Claims (8)

1. A separate-type identity authentication apparatus based on a USB device, characterized in that it comprises a secure computing component and a user verification component that are arranged separately from each other; the secure computing component comprises a security module, a first wireless communication module and a USB communication module; the user verification component comprises a second wireless communication module, a SIM and a power module; the USB communication module is used to connect to an external intelligent terminal; the USB intelligent terminal and the first wireless communication module are both connected to the security module; the first wireless communication module and the second wireless communication module are wirelessly connected; the second communication module is connected to the authentication module; the power module is used to supply working power to the internal circuitry of the user verification component; and the secure computing module is used to implement the FIDO protocol, the algorithm library, key management, certificate storage, USB control, wireless transceiver control and status prompting.
2. The separate-type identity authentication apparatus based on a USB device according to claim 1, characterized in that the authentication module is a one-key confirmation authentication module, a sound-wave confirmation authentication module, a fingerprint recognition authentication module or a voiceprint recognition authentication module.
3. The separate-type identity authentication apparatus based on a USB device according to claim 1 or 2, characterized in that the first wireless communication module and the second wireless communication module are connected by a Bluetooth, infrared, 2.4G or sound-wave wireless connection.
4. The separate-type identity authentication apparatus based on a USB device according to claim 3, characterized in that the external intelligent terminal is a PC, a smart TV or an OTT box.
5. The separate-type identity authentication apparatus based on a USB device according to claim 4, characterized in that the power module comprises a button cell.
6. The separate-type identity authentication apparatus based on a USB device according to claim 1, 2, 4 or 5, characterized in that the user verification component is provided with an adhesive area for fixed attachment.
7. A separate-type identity authentication system based on a USB device, characterized in that it comprises the separate-type identity authentication apparatus based on a USB device according to any one of claims 1 to 6, and further comprises an intelligent terminal and a FIDO server; a client program runs on the intelligent terminal; the client is connected to the USB communication module; and the client is connected to the FIDO server via the Internet.
8. A separate-type identity authentication method based on a USB device, characterized in that it is applied to the separate-type identity authentication system based on a USB device according to claim 7, and the method comprises a binding step and a payment step.
The binding step comprises the sub-steps:
S11, the client sends a bind request to the secure computing component through the USB interface and waits for the secure computing component's result of processing the request;
S12, the security module in the secure computing component parses the bind request and, after determining that it is a binding operation, controls the first wireless communication module to send a verify-user request to the user verification component; if the secure computing component and the user verification component are connected by one-way communication, it controls the status prompt module to prompt the user to perform the authentication confirmation operation;
S13, after receiving the request wirelessly, the user verification component wakes the user input module and waits for the user to input user authentication information;
S14, the user authentication module collects, verifies and stores the user authentication information, and forwards the verification result to the secure computing component;
S15, if the secure computing component determines that user verification has passed, it performs further operations comprising public/private key pair generation, key storage and signing, encapsulates the execution result and sends it to the client through the USB controller;
S16, the client sends the bind request execution result to the FIDO server; the FIDO server is responsible for verifying whether the process is valid and storing the critical data, and then returns a success or failure result.
The payment step comprises the sub-steps:
S21, the client sends an authentication request to the secure computing component through the USB interface and waits for the secure computing component's result of processing the authentication request;
S22, the secure computing component parses the authentication request and, after determining that it is an authentication operation, controls the first wireless communication module to send a verify-user request to the user verification component; if the secure computing component and the user verification component are connected by one-way communication, it controls the status prompt module to prompt the user to perform the authentication confirmation operation;
S23, after receiving the request wirelessly, the user verification component wakes the user input module and waits for the user to input user authentication information;
S24, if the secure computing component determines that user verification has passed, it performs further operations comprising key lookup and signing, encapsulates the execution result and sends it to the client through the USB controller;
S25, the client sends the authentication request execution result to the FIDO server; the FIDO server is responsible for verifying whether the process is valid and updating the related data, and returns a success or failure result.
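The binding and payment steps of claim 8, sketched as an added example (this is not code from the patent or its applicant). Assumptions: ECDSA P-256 over a SHA-256 digest of the server challenge stands in for the FIDO message format, the `verify` callback stands in for the wireless exchange with the user verification component, and all type and function names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SecureComponent models the USB-attached part; verify stands in for the wireless round trip (S12-S14, S22-S23).
type SecureComponent struct {
	keys   map[string]*ecdsa.PrivateKey // per-account key store (assumed layout)
	verify func() bool
}
func NewSecureComponent(verify func() bool) *SecureComponent { return &SecureComponent{keys: map[string]*ecdsa.PrivateKey{}, verify: verify} }
func digest(m []byte) []byte { d := sha256.Sum256(m); return d[:] }

// Bind covers S15: only after user verification passes, generate and store a key pair and sign the challenge.
func (s *SecureComponent) Bind(account string, challenge []byte) (*ecdsa.PublicKey, []byte, error) {
	if !s.verify() {
		return nil, nil, fmt.Errorf("user verification failed")
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	s.keys[account] = key
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest(challenge))
	return &key.PublicKey, sig, err
}

// Pay covers S24: only after user verification passes, look up the stored key and sign the challenge.
func (s *SecureComponent) Pay(account string, challenge []byte) ([]byte, error) {
	if !s.verify() || s.keys[account] == nil {
		return nil, fmt.Errorf("user verification failed or account not bound")
	}
	return ecdsa.SignASN1(rand.Reader, s.keys[account], digest(challenge))
}

// ServerCheck is the FIDO server side of S16 and S25: verify the signature against the challenge it issued.
func ServerCheck(pub *ecdsa.PublicKey, challenge, sig []byte) bool { return ecdsa.VerifyASN1(pub, digest(challenge), sig) }

func main() {
	sc := NewSecureComponent(func() bool { return true }) // constructed input: the user always confirms
	pub, _, _ := sc.Bind("alice", []byte("bind-challenge"))
	sig, _ := sc.Pay("alice", []byte("pay-challenge"))
	fmt.Println("payment signature accepted:", ServerCheck(pub, []byte("pay-challenge"), sig))
}
```

Because the server checks each signature against the challenge it issued for that request, a signature captured from one payment does not validate for another, and the private key never leaves the secure computing component.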
CN201511020343.5A 2015-12-30 2015-12-30 Separate identity authentication apparatus based on USB device, system and method Pending CN105554013A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511020343.5A CN105554013A (en) 2015-12-30 2015-12-30 Separate identity authentication apparatus based on USB device, system and method

Publications (1)

Publication Number Publication Date
CN105554013A true CN105554013A (en) 2016-05-04

Family

ID=55832947

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201511020343.5A Pending CN105554013A (en) 2015-12-30 2015-12-30 Separate identity authentication apparatus based on USB device, system and method

Country Status (1)

Country Link
CN (1) CN105554013A (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102195932A (en) * 2010-03-05 2011-09-21 北京路模思科技有限公司 Method and system for realizing network identity authentication based on two pieces of isolation equipment
CN102298683A (en) * 2010-06-22 2011-12-28 国民技术股份有限公司 Authentication device, system and method for short-distance radio-frequency communication authentication
EP2437461A1 (en) * 2010-09-30 2012-04-04 Comcast Cable Communications LLC Key derivation for secure communications
CN102905193A (en) * 2011-07-29 2013-01-30 天津三星电子有限公司 Television set system with safety payment function
CN103457922A (en) * 2012-06-05 2013-12-18 腾讯科技(深圳)有限公司 Electronic authentication client-side system, processing method, electronic authentication system and method
CN103731756A (en) * 2014-01-02 2014-04-16 中国科学院信息工程研究所 Smart home remote security access control implementation method based on smart cloud television gateway
CN105049945A (en) * 2015-08-13 2015-11-11 中国科学院信息工程研究所 Safety payment system and method based on smart TV multi-screen interaction

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
蔡盛勇 et al.: "Secure payment scheme for smart TV based on the SSL protocol" (基于SSL 协议的智能电视安全支付方案), 《电视技术》 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107451361A (en) * 2017-07-31 2017-12-08 青岛理工大学 A kind of circuit ID generation methods
CN108234509A (en) * 2018-01-16 2018-06-29 国民认证科技(北京)有限公司 FIDO authenticators, Verification System and method based on TEE and PKI certificates
CN111291329A (en) * 2018-12-10 2020-06-16 航天信息股份有限公司 File viewing method, device, system, server and readable storage medium
CN111291329B (en) * 2018-12-10 2023-08-18 航天信息股份有限公司 File viewing method, device, system, server and readable storage medium
CN111339522A (en) * 2019-05-15 2020-06-26 深圳市文鼎创数据科技有限公司 Online quick identity authentication method, online quick identity authentication device and card reader
CN112069493A (en) * 2019-06-10 2020-12-11 联阳半导体股份有限公司 Authentication system and authentication method
TWI715500B (en) * 2019-06-10 2021-01-01 聯陽半導體股份有限公司 Authentication system and authentication method
US11509655B2 (en) 2019-06-10 2022-11-22 Ite Tech. Inc. Authentication system and authentication method
CN110400151A (en) * 2019-07-29 2019-11-01 中国工商银行股份有限公司 Voice payment method, apparatus, calculating equipment and medium applied to server

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160504
