CN105577606B - A kind of method and apparatus for realizing authenticator registration - Google Patents
- Publication number: CN105577606B (application CN201410529164.3A)
- Authority: CN (China)
- Prior art keywords: authenticator, server, registration, user, private key
- Legal status: Active (the legal status is an assumption and is not a legal conclusion)
- Landscapes: Storage Device Security (AREA)
Abstract
The present invention relates to the field of communication technology and provides a method and apparatus for authenticator registration, comprising: receiving a registration status query message sent by an authentication client, where the registration status query message includes authentication information of a first user on a server; determining, according to the authentication information and a private key saved by the authenticator, that no registration record of the first user exists on the authenticator; sending to the authentication client a registration status query response message whose registration status is unregistered; receiving an authenticator registration request sent by the authentication client; and registering the first user on the server according to the application identifier of the server. Based on the authentication information of the first user on the server and the private key saved by the authenticator, it can be accurately determined whether the authenticator has already registered the first user on the server, so that an authenticator that has already registered other users on the server can additionally register the first user on the same server.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a method, apparatus and system for authenticator registration.
Background art
Early identity authentication generally relied on a user name plus a password. To log in to a website, the user enters a user name and the corresponding password, and the website compares them with the user name and password it has saved in order to determine whether the user is a legitimate user. This authentication method requires the website to save the user's password. Whether the password is saved in plaintext or in some encrypted form, there is a risk of it being leaked.
To improve the security of authentication, one feasible approach is multi-factor authentication, which uses different types of authentication methods to ensure the legitimacy of the user's identity. The U2F (Universal 2nd Factor) protocol is a simplified, auxiliary authentication protocol. A U2F authenticator is positioned as an auxiliary authentication factor that works together with another credential, such as a web page password, to authenticate the user, thereby effectively improving the security of the user account. An application scenario of the U2F protocol generally includes three logical entities:
Server: the server of the party that manages user identities; it can be the server of a service provider or the server of an identity provider (IDP, Identity Provider);
Authentication client: connects the authenticator and the server, for example a browser plug-in;
Authenticator: for example an online-banking USB key.
Through the authentication client, the authenticator registers and authenticates the user on the server. The authenticator registration procedure mainly establishes an association among the user, the authenticator and the server. On successful registration, the authenticator generates a public/private key pair and a private key handle. The authenticator saves the private key, the private key handle and the application identifier, and sends the public key and the private key handle to the server; the server saves the user identifier, the private key handle and the public key.
Before registering, the authenticator first needs to check whether it has already registered the user on the server, to prevent repeated registration. If the authenticator considers that the user has already been registered on the server, it does not register again. In the prior art, the authenticator checks whether registration has already taken place as follows: from the registration status query message sent by the authentication client, the authenticator obtains the application identifier of the server and a private key handle. The authenticator uses the private key handle to look up the corresponding private key and application identifier locally. If none is found, the authenticator considers that this user has not been registered on it. If a corresponding private key and application identifier are found, the authenticator compares that application identifier with the application identifier of the server in the registration status query message; if they differ, the authenticator considers that this user has not been registered on it; if they are the same, the authenticator considers that it has already registered this user on the server.
In practice, however, this method cannot accurately determine whether a given user has been registered on the server. For example, a first user has used a first authenticator to register on a server (assumed to be Bank of China). The first authenticator saves the registration record {appid=boc.com; keyhandle=1; prikey=aaaa}, and the server saves the registration record of the first user registered with the first authenticator, {publicKey=12345; keyhandle=1; ID=first user identifier}. A second user has used a second authenticator to register on the same server. The second authenticator saves for the second user the registration record {appid=boc.com; keyhandle=1; prikey=bbbb}, and the server saves the registration record of the second user registered with the second authenticator, {publicKey=23456; keyhandle=1; ID=second user identifier}.
According to the prior art, when the first user wishes to register on the server using the second authenticator, the second authenticator checks, based on the first user's registration record on the server, whether it has already registered the first user on the server. Specifically, the server uses the first user identifier to obtain the first user's registration record on the server, {publicKey=12345; keyhandle=1; ID=first user identifier}. From this record the server constructs a registration request that includes the application identifier of the server, boc.com, and the private key handle keyhandle=1 from the first user's registration record on the server. From the application identifier boc.com and the private key handle keyhandle=1 in the registration request message, the authentication client constructs a registration status query message and sends it to the second authenticator. Using the private key handle keyhandle=1 from the first user's registration record on the server, the second authenticator finds the second user's registration record {appid=boc.com; keyhandle=1; prikey=bbbb}, and the appid in that record is also the same as the application identifier of the server. The second authenticator therefore concludes that it has already registered the first user on the server. As a result, the first user cannot register with the second authenticator, which causes the problem that one authenticator cannot be used by multiple users on the same server.
Summary of the invention
Embodiments of the present invention provide a method and apparatus for authenticator registration, so that an authenticator that has already registered other users on a server can additionally register a first user on the same server.
In a first aspect, an embodiment of the present invention provides a method for authenticator registration, comprising: receiving a registration status query message sent by an authentication client, where the registration status query message includes authentication information of a first user on a server; determining, according to the authentication information and a private key saved by an authenticator, that no registration record of the first user exists on the authenticator; sending to the authentication client a registration status query response message whose registration status is unregistered; receiving an authenticator registration request sent by the authentication client, where the authenticator registration request includes the application identifier of the server; and registering the first user on the server according to the application identifier of the server.
With reference to the first aspect, in a first possible implementation of the first aspect, after the registering of the first user on the server according to the application identifier of the server, the method further includes: sending, according to the authenticator registration request, an authenticator registration response to the authentication client, where the authenticator registration response includes the public key and the private key handle generated by the authenticator, so that the authentication client sends a first registration response to the server, the first registration response including the public key and the private key handle generated by the authenticator.
With reference to the first aspect or the first possible implementation of the first aspect, in a second possible implementation of the first aspect, the authentication information is the public key in the registration record of the first user saved on the server, and the determining, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator specifically includes: encrypting a first parameter using the public key in the registration record of the first user saved on the server, and determining that the encrypted first parameter cannot be decrypted using the private key saved by the authenticator, where the first parameter includes at least one of any parameters known to the authenticator; or encrypting the first parameter using the private key saved by the authenticator, and determining that the encrypted first parameter cannot be decrypted using the public key in the registration record of the first user on the server, where the first parameter includes at least one of any parameters known to the authenticator.
With reference to the first aspect or the first possible implementation of the first aspect, in a third possible implementation of the first aspect, the authentication information is information obtained after the server encrypts a second parameter using the public key in the registration record of the first user saved on the server, and the determining, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator specifically includes: decrypting the encrypted information using the private key saved by the authenticator, and determining that the encrypted information cannot be decrypted using the private key saved by the authenticator, where the second parameter includes at least one of any parameters known to the authenticator.
With reference to the first aspect or any one of the first to third implementations of the first aspect, in a fourth implementation of the first aspect, the registration status query message further includes the private key handle in the registration record of the first user that is saved on the server and corresponds to the authentication information; before the determining, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator, the method further includes: obtaining, according to the private key handle in the registration record of the first user saved on the server, the registration record saved by the authenticator; and obtaining, from the obtained registration record saved by the authenticator, the private key saved by the authenticator.
In a second aspect, an embodiment of the present invention provides a method for authenticator registration, comprising: receiving a first registration request sent by a server, where the first registration request includes authentication information of a first user on the server and the application identifier of the server; sending a registration status query message to an authenticator, where the registration status query message includes the authentication information; receiving a registration status query response message sent by the authenticator, where the registration status query response message includes a registration status indicating unregistered; and sending an authenticator registration request to the authenticator, where the authenticator registration request includes the application identifier of the server.
With reference to the second aspect, in a first implementation of the second aspect, after the sending of the registration request to the authenticator, the method further includes: receiving an authenticator registration response sent by the authenticator, where the authenticator registration response includes the public key and the private key handle generated by the authenticator; and sending, according to the authenticator registration response, a first registration response to the server, where the first registration response includes the public key and the private key handle generated by the authenticator.
With reference to the second aspect or the first implementation of the second aspect, in a second implementation of the second aspect, the authentication information is the public key in the registration record of the first user saved on the server; or the authentication information is information obtained after the server encrypts a second parameter using the public key in the registration record of the first user saved on the server, where the second parameter includes at least one of any parameters known to the authenticator.
In a third aspect, an embodiment of the present invention provides a registration method for an authenticator, comprising: after receiving a registration request triggered by a first user, sending a first registration request to an authentication client, where the first registration request includes authentication information of the first user on the server and the application identifier of the server; receiving a first registration response sent by the authentication client, where the first registration response includes the public key and the private key handle generated by the authenticator; and saving the public key and the private key handle generated by the authenticator in the registration record of the first user on the server.
With reference to the third aspect, in a first implementation of the third aspect, the authentication information is the public key in the registration record of the first user saved on the server; or information obtained after the server encrypts a second parameter using the public key in the registration record of the first user saved on the server, where the second parameter includes at least one of any parameters known to the authenticator.
In a fourth aspect, an embodiment of the present invention provides an authenticator registration apparatus, comprising: a receiving module, configured to receive a registration status query message sent by an authentication client, where the registration status query message includes authentication information of a first user on a server; a determining module, configured to determine, according to the authentication information in the registration status query message received by the receiving module and a private key saved by the authenticator, that no registration record of the first user exists on the authenticator; a sending module, configured to send to the authentication client a registration status query response message whose registration status is unregistered; the receiving module being further configured to receive an authenticator registration request sent by the authentication client, where the authenticator registration request includes the application identifier of the server; and a registration module, configured to register the first user on the server according to the application identifier of the server received by the receiving module.
With reference to the fourth aspect, in a first implementation of the fourth aspect, the sending module is further configured to send, according to the authenticator registration request, an authenticator registration response to the authentication client, where the authenticator registration response includes the public key and the private key handle generated by the authenticator, so that the authentication client sends a first registration response to the server, the first registration response including the public key and the private key handle generated by the authenticator.
With reference to the fourth aspect or the first implementation of the fourth aspect, in a second implementation of the fourth aspect, the authentication information is the public key in the registration record of the first user saved on the server, and the determining module is specifically configured to: encrypt a first parameter using the public key in the registration record of the first user saved on the server, and determine that the encrypted first parameter cannot be decrypted using the private key saved by the authenticator, where the first parameter includes at least one of any parameters known to the authenticator; or encrypt the first parameter using the private key saved by the authenticator, and determine that the encrypted first parameter cannot be decrypted using the public key in the registration record of the first user on the server, where the first parameter includes at least one of any parameters known to the authenticator.
With reference to the fourth aspect or the first implementation of the fourth aspect, in a third implementation of the fourth aspect, the authentication information is information obtained after the server encrypts a second parameter using the public key in the registration record of the first user saved on the server, and the determining module is specifically configured to: decrypt the encrypted information using the private key saved by the authenticator, and determine that the encrypted information cannot be decrypted using the private key saved by the authenticator, where the second parameter includes at least one of any parameters known to the authenticator.
With reference to the fourth aspect or any one of the first to third implementations of the fourth aspect, in a fourth implementation of the fourth aspect, the registration status query message further includes the private key handle in the registration record of the first user that is saved on the server and corresponds to the authentication information; the apparatus further includes an obtaining module, configured to obtain, before the determining module determines according to the authentication information and the private key saved by the authenticator that no registration record of the first user exists on the authenticator, the registration record saved by the authenticator according to the private key handle in the registration record of the first user saved on the server; the obtaining module is further configured to obtain, from the obtained registration record saved by the authenticator, the private key saved by the authenticator.
In a fifth aspect, an embodiment of the present invention provides an authentication client, comprising: a receiving module, configured to receive a first registration request sent by a server, where the first registration request includes authentication information of a first user on the server; a sending module, configured to send, according to the first registration request received by the receiving module, a registration status query message to an authenticator, where the registration status query message includes the authentication information; the receiving module being further configured to receive a registration status query response message sent by the authenticator, where the registration status query response message includes a registration status indicating unregistered; and the sending module being further configured to send, according to the registration status query message received by the receiving module, an authenticator registration request to the authenticator, where the authenticator registration request includes the application identifier of the server.
With reference to the fifth aspect, in a first implementation of the fifth aspect, after the sending module sends the authenticator registration request to the authenticator, in the authentication client: the receiving module is further configured to receive an authenticator registration response sent by the authenticator, where the authenticator registration response includes the public key and the private key handle generated by the authenticator; and the sending module is further configured to send, according to the authenticator registration response received by the receiving module, a first registration response to the server, where the first registration response includes the public key and the private key handle generated by the authenticator.
With reference to the fifth aspect or the first implementation of the fifth aspect, in a second implementation of the fifth aspect, the authentication information is the public key in the registration record of the first user saved on the server; or the authentication information is information obtained after the server encrypts a second parameter using the public key in the registration record of the first user saved on the server, where the second parameter includes at least one of any parameters known to the authenticator.
In a sixth aspect, an embodiment of the present invention provides a registration server for an authenticator, comprising: a sending module, configured to send, after a registration request triggered by a first user is received, a first registration request to an authentication client, where the first registration request includes authentication information of the first user on the server and the application identifier of the server; a receiving module, configured to receive a first registration response sent by the authentication client, where the first registration response includes the public key and the private key handle generated by the authenticator; and a saving module, configured to save the public key and the private key handle generated by the authenticator in the registration record of the first user on the server.
With reference to the sixth aspect, in a first implementation of the sixth aspect, the authentication information is the public key in the registration record of the first user saved on the server; or information obtained after the server encrypts a second parameter using the public key in the registration record of the first user saved on the server, where the second parameter includes at least one of any parameters known to the authenticator.
In a seventh aspect, an embodiment of the present invention provides an authenticator registration apparatus, comprising a processor and a memory, where the memory stores a computer-readable program, and the processor runs the program in the memory to perform the method provided by any implementation of the first aspect.
In this embodiment, based on the authentication information of the first user on the server and the private key saved by the authenticator, the authenticator can accurately determine whether it has already registered the first user on the server, so that an authenticator that has already registered other users on the server can additionally register the first user on the same server.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. Apparently, the accompanying drawings in the following description show only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from these accompanying drawings without creative effort.
Fig. 1 is a flowchart of an authenticator registration method provided by an embodiment of the present invention;
Fig. 2 is a flowchart of an authenticator registration method provided by another embodiment of the present invention;
Fig. 3 is a flowchart of an authenticator registration method provided by another embodiment of the present invention;
Fig. 4 is a signaling interaction diagram of an authenticator registration method provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an authenticator registration apparatus provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an authentication client provided by an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a server provided by an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of an authenticator registration apparatus provided by an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of an authentication client provided by an embodiment of the present invention;
Fig. 10 is a schematic structural diagram of a server provided by an embodiment of the present invention;
Fig. 11 is a schematic structural diagram of an authenticator registration system provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described below with reference to the accompanying drawings in the embodiments of the present invention. Apparently, the described embodiments are only some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Embodiments of the present invention provide an authenticator registration method and apparatus, so that an authenticator that has already registered other users on a server can additionally register a first user on the same server.
The authenticator registration method in the embodiments of the present invention may be implemented in any U2F device, for example an online-banking USB key. The server may be the server of a service provider such as Bank of China, Taobao or a gaming platform, or the server of an independent identity provider. When a user wishes to use an account on a server, the user's identity must first be authenticated. To authenticate the user's identity, an authenticator must first be used to register the user on the server. The authenticator can register the user on the server through an authentication client such as a browser plug-in. In the embodiments of the present invention, the first user already possesses a first authenticator, and the first authenticator has already registered the first user on the server. The user wishes to use a second authenticator to register on the same server, where the second authenticator has already registered other users on that server.
Referring to Fig. 1, Fig. 1 shows an embodiment of the authenticator registration method of the present invention. The method of this embodiment includes:
102. The authenticator receives a registration status query message sent by the authentication client, where the registration status query message includes authentication information of the first user on the server;
Specifically, before the authenticator registers the first user on the server and thereby generates a public/private key pair and a private key handle, the authentication client constructs a registration status query message to query the registration status of the authenticator and confirm whether the authenticator has already registered the first user on the server, so as to avoid duplicate registration.
Specifically, before the authenticator receives the registration status query message sent by the authentication client, the authentication client receives a first registration request sent by the server, where the first registration request message includes the authentication information. The authentication client constructs the registration status query message according to the first registration request.
104. According to the authentication information and the private key saved by the authenticator, it is determined that no registration record of the first user exists on the authenticator;
When the authenticator registers a user on the server, it generates a public key, a private key and a private key handle. The authenticator saves the private key and the private key handle as the registration record of the user on the authenticator, and sends the public key and the private key handle to the server through the authentication client; the server saves the public key and the private key handle in the registration record of the user on the server.
Optionally, the authentication information is the public key in the registration record of the first user saved on the server, and the determining, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator specifically includes: encrypting a first parameter using the public key in the registration record of the first user saved on the server, and determining that the encrypted first parameter cannot be decrypted using the private key saved by the authenticator, where the first parameter includes at least one of any parameters known to the authenticator, for example at least one of a random number generated by the authenticator, the private key saved by the authenticator and the private key handle saved by the authenticator; or encrypting the first parameter using the private key saved by the authenticator, and determining that the encrypted first parameter cannot be decrypted using the public key in the registration record of the first user on the server, where the first parameter includes at least one of any parameters known to the authenticator, for example at least one of a random number generated by the authenticator, the private key saved by the authenticator and the private key handle saved by the authenticator.
Optionally, the authentication information is information obtained after the server encrypts a second parameter using the public key in the registration record of the first user saved on the server, and the determining, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator specifically includes: decrypting the encrypted information using the private key saved by the authenticator, and determining that the encrypted information cannot be decrypted using the private key saved by the authenticator, where the second parameter includes at least one of any parameters known to the authenticator, for example at least one of the application identifier of the server and the private key handle saved in the registration record of the first user on the server.
Both of the above methods for determining that no registration record of the first user exists on the authenticator rely on the fact that encryption and decryption in modern cryptosystems use different keys, namely a public key and a private key. The two keys encrypt and decrypt for each other, and one public key corresponds to one private key. Data encrypted with one of the keys can be decrypted only with the corresponding key. Conversely, if data can be decrypted with one of the keys, it must have been encrypted with the corresponding key. With this encryption and decryption method, it can be accurately determined whether a registration record of the first user exists on the authenticator. The two methods differ as follows: when the authentication information is the public key in the registration record of the first user saved on the server, both the encryption and the decryption are performed by the authenticator; when the authentication information is the information obtained by the server encrypting the second parameter with the public key in the registration record of the first user saved on the server, the encryption is performed by the server and the decryption is performed by the authenticator. Because the authenticator and the server themselves already have encryption and decryption function modules, no additional hardware support and no additional secure storage space are needed.
It should be noted that when several authenticator registration records exist on the authenticator, each of them contains a private key, and all private keys saved by the authenticator must then be checked against the authentication information to determine whether a registration record of the first user exists on the authenticator. For example, suppose there are m registration records on the authenticator, where m is a positive integer. According to the private key saved in the first authenticator registration record and the authentication information, it can be judged whether the first authenticator registration record is a registration record of the first user; according to the private key saved in the second authenticator registration record and the authentication information, it can be judged whether the second authenticator registration record is a registration record of the first user; and so on. When none of the m registration records is a registration record of the first user, it is determined that no registration record of the first user exists on the authenticator.
Optionally, in step 102, the registration status query message further includes the private key handle in the registration record of the first user, saved on the server, that corresponds to the authentication information. Specifically, when the authentication information is the public key in the registration record of the first user saved on the server, or the information obtained by the server encrypting the second parameter with that public key, the private key handle in the registration record of the first user corresponding to the authentication information is the private key handle in the registration record that contains the public key. The authenticator first uses the private key handle in the registration record of the first user saved on the server to obtain the registration record saved by the authenticator, and then obtains the private key saved by the authenticator from that registration record. It then determines, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator. When several registration records exist on the authenticator, a single determination is then enough to establish that no registration record of the first user exists on the authenticator, which improves the efficiency of the authenticator registration status query.
Step 106: Send the authentication client a registration status query response message whose registration status is unregistered;
Specifically, when it is determined, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator, the authenticator has not yet registered the first user on the server. The authenticator sends the authentication client a registration status query response message that identifies the registration status as "unregistered".
Optionally, when it is determined, according to the authentication information and the private key saved by the authenticator, that a registration record of the first user exists on the authenticator, the authenticator has already registered the first user on the server and no further registration is needed. The authenticator returns a registration status query response message to the authentication client that identifies the registration status as "registered".
Specifically, the registration status query response message may use a USB APDU (Universal Serial Bus Application Protocol Data Unit) message, in the following format:
Registered: begins with 0x69 0x85, no payload
Unregistered: begins with 0x6A 0x80, no payload
After receiving the registration status query response message, the authentication client determines from it whether the authenticator has already registered the first user on the server.
Step 108: Receive the registration request sent by the authentication client, where the authenticator registration request includes the application identifier of the server;
Specifically, after the authentication client receives the registration status query response message sent by the authenticator with the registration status "unregistered", it constructs a registration request and sends it to the authenticator. The registration request includes the application identifier of the server, to indicate that the authenticator is to register the first user on the server.
Step 110: Register the first user on the server according to the application identifier of the server.
Specifically, the authenticator registers the first user on the server according to the application identifier of the server in the authenticator registration request, generating a public/private key pair and a private key handle. How these are generated is well known to those skilled in the art, so the present invention does not describe it further. The private key handle is an index to the private key inside the authenticator. Its generation method is not fixed; for example, the authenticator may generate a random number, but because the secure storage space of the authenticator is limited, the private key handle may be a simple random number.
Optionally, after registering the first user on the server according to the registration request, the authenticator returns an authenticator registration response to the authentication client. The registration response includes the public key and the private key handle that the authenticator generated when registering the first user on the server. According to the authenticator registration response, the authentication client sends a first registration response to the server; the first registration response includes the public key and the private key handle that the authenticator generated when registering the first user on the server.
Optionally, before step 102, the authentication client receives a first registration request sent by the server and constructs the registration status query message according to the first registration request. The authentication information of the first user on the server, the private key handle in the registration record of the first user saved on the server, and the application identifier of the server may all be carried in the first registration request.
In this embodiment, the authenticator can accurately judge, according to the authentication information of the first user on the server and the private key saved by the authenticator, whether it has already registered the first user on the server. As a result, an authenticator that has already registered other users on the server can additionally register the first user on the same server.
Fig. 2 is the flow chart of embodiment two of the authenticator registration method provided by the invention. This method embodiment describes the processing flow of the authentication client. The authentication client may be software or a software plug-in installed on a computer, tablet or terminal, such as a browser or a browser plug-in. As shown in Fig. 2, the method comprises the following steps:
Step 202: Receive the first registration request sent by the server, where the first registration request includes the authentication information of the first user on the server and the application identifier of the server;
Optionally, before the server sends the first registration request, the first user needs to trigger the registration procedure, and the server may first verify the legitimacy of the user's identity by means such as a user account password, password, SMS message or voice, further combined with an already registered authenticator. That is, the first user first logs in to the server and confirms that authenticator registration is required, and after the user's identity has been verified, the server sends the first registration request. The already registered authenticator is the authenticator that the first user used when previously registering on the server.
Specifically, the authentication information is the public key in the registration record of the first user saved on the server, or the information obtained by the server encrypting a second parameter with the public key in the registration record of the first user saved on the server; where the second parameter includes at least one of any parameters known to the authenticator, for example at least one of the application identifier of the server and the private key handle saved in the registration record of the first user on the server.
Optionally, the first registration request further includes the private key handle in the registration record of the first user, saved on the server, that corresponds to the authentication information.
Step 204: Send a registration status query message to the authenticator, where the registration status query message includes the authentication information;
Optionally, when the first registration request further includes the private key handle in the registration record of the first user, saved on the server, that corresponds to the authentication information, the registration status query message also includes that private key handle.
Step 206: Receive the registration status query response message sent by the authenticator, where the registration status query response message indicates the registration status "unregistered";
Specifically, the registration status query response message is sent by the authenticator after it has judged, according to the authentication information in the registration status query message and the private key it has saved, whether the authenticator has already registered the first user on the server. If the authenticator has already registered the first user on the server, it returns a registration status response message that identifies the registration status as "registered"; if the authenticator has not yet registered the first user on the server, it returns a registration status response message that identifies the registration status as "unregistered".
Specifically, the registration status response message may use a USB APDU (Universal Serial Bus Application Protocol Data Unit) message, in the following format:
Registered: begins with 0x69 0x85, no payload
Unregistered: begins with 0x6A 0x80, no payload
After the authentication client receives the registration status response message, it can determine from the format of the registration status query response message whether the authenticator has already registered the first user on the server.
Step 208: Send an authenticator registration request to the authenticator, where the authenticator registration request includes the application identifier of the server.
Specifically, after the authentication client receives the registration status query response message and determines that the authenticator has not yet registered the first user on the server, it sends an authenticator registration request to the authenticator, instructing the authenticator to register the first user on the server. The authenticator registration request includes the application identifier of the server, or a hash of the application identifier of the server.
It should be noted that the first user may have N registration records on the server, in which case the first registration request in step 202 may correspondingly include N items of authentication information. In step 204, the authentication client may construct one registration status query message for each item of authentication information in the first registration request, that is, the authentication client may construct N registration status query messages. In particular, when P authenticators are connected to the authentication client, the authentication client sends the N registration status query messages to the P authenticators one by one. Each time an authenticator receives a registration status query message, it judges whether it has already registered the first user on the server and returns the corresponding registration status query response message. When the authentication client receives, from some authenticator A in reply to one of the registration status query messages, a registration status query response message whose registration status is "unregistered", the authentication client sends an authenticator registration request to authenticator A according to that response message. The user then decides whether to register using authenticator A, for example by pressing a confirmation key on authenticator A.
Further, the authentication client receives the authenticator registration response sent by the authenticator, which includes the public key and the private key handle generated by the authenticator. According to the authenticator registration response, the authentication client sends a first registration response to the server; the first registration response includes the public key and the private key handle generated by the authenticator.
In this embodiment, the authentication client constructs the registration status query message from the authentication information of the first user on the server, so that the authenticator can accurately judge, according to the authentication information and the private key saved by the authenticator, whether it has already registered the first user on the server. As a result, an authenticator that has already registered other users on the server can additionally register the first user on the same server.
Fig. 3 is the flow chart of embodiment three of the authenticator registration method provided by the invention. This method embodiment describes the processing flow of the server. The server may be a website or platform that provides various services, such as Bank of China, Taobao or a gaming platform. As shown in Fig. 3, the method comprises the following steps:
Step 302: After receiving the registration request triggered by the first user, send a first registration request to the authentication client, where the first registration request includes the authentication information of the first user on the server and the application identifier of the server;
Specifically, when the first user wishes to use an authenticator to register on the server, the user first needs to trigger the authenticator registration procedure, for example by clicking "Register" after logging in to the server. The server then confirms whether the identity of the first user is legitimate and, after determining that it is, sends the first registration request to the authentication client, where the first registration request message includes the authentication information of the first user on the server. It should be noted that the first user may have N registration records on the server, in which case the first registration request may correspondingly include N items of authentication information. For ease of description, this embodiment of the present invention assumes that the first user has only one registration record on the server.
Specifically, determining that the identity of the first user is legitimate includes: the server may first verify the legitimacy of the user's identity by means such as a user account password, password, SMS message or voice, further combined with an already registered authenticator. That is, the first user first logs in to the server, and the authenticator registration procedure starts only after the user's identity has been verified. The already registered authenticator is the authenticator that the first user used when previously registering on the server.
The authentication information is the public key in the registration record of the first user saved on the server, or the information obtained by the server encrypting a second parameter with the public key in the registration record of the first user saved on the server; where the second parameter includes at least one of any parameters known to the authenticator, for example at least one of the application identifier of the server and the private key handle saved in the registration record of the first user on the server.
The application identifier of the server is used to indicate that the authenticator is to register the first user on the server.
Optionally, the first registration request further includes the private key handle in the registration record of the first user, saved on the server, that corresponds to the authentication information.
Step 304: Receive the first registration response sent by the authentication client, where the first registration response includes the public key and the private key handle generated by the authenticator;
Optionally, when the authenticator has already registered the first user on the server, the content of the first registration response is empty.
Step 306: Save the public key and the private key handle generated by the authenticator in the registration record of the first user on the server.
Optionally, before saving the public key and the private key handle generated by the authenticator in the registration record of the first user on the server, the server may verify whether the received first registration response corresponds to the first registration request it sent. If it does not correspond, the first registration response is discarded; if it does correspond, the server obtains the public key and the private key handle generated by the authenticator from the received first registration response and saves them in the registration record of the first user on the server. Further, the registration record of the first user on the server also includes the user identifier of the first user, which is generated when the identity of the first user is verified in step 302 and may be, for example, the user name of the first user.
In this embodiment, the server carries the authentication information of the first user on the server in the first registration request sent to the authentication client, so that the authenticator can judge, according to the authentication information of the first user on the server and the private key saved by the authenticator, whether it has already registered the first user on the server. As a result, an authenticator that has already registered other users on the server can additionally register the first user on the same server.
Fig. 4 is the signaling interaction diagram of embodiment four of the authenticator registration method provided by the invention. This method embodiment concerns the processing flow in which the authenticator, the authentication client and the server cooperate to perform registration. The authenticator may be any U2F device, such as a U-shield; the authentication client may be software or a software plug-in on a computer, tablet or terminal, such as a browser or a browser plug-in; the server may be the server of a service provider such as Bank of China, Taobao or a gaming platform, or the server of an independent identity provider. In this embodiment of the present invention, the user already has a first authenticator, and the first authenticator has already registered the user on the server. The user wishes to use a second authenticator to register on the same server, where the second authenticator has already registered another user on the same server. To prevent repeated registration, it must be judged whether the authenticator has already registered the user on the server. As shown in Fig. 2, the method comprises the following steps:
Step 402 to step 404: The server may first verify the legitimacy of the user's identity by means such as a user account password, password, SMS message or voice, further combined with an already registered authenticator. The already registered authenticator is the authenticator that the first user used when previously registering on the server.
Specifically, in step 402, the first user first logs in to the server using the authentication client and enters the user identity information by means such as a user account password, password, SMS message or voice, further combined with an already registered authenticator. After the identity of the first user has been confirmed by the server, the procedure proceeds to step 406 and thus enters the authenticator registration flow.
The reason for combining the verification with an already registered authenticator is mainly to prevent malicious registration by others after the user's user name and password have been lost, which would affect the security of the user's account.
Step 406: The server constructs the first registration request;
Specifically, the first registration request includes the authentication information of the first user on the server, the protocol version of the authenticator to be registered, and the application identifier of the server. Optionally, the first registration request further includes the private key handle in the registration record of the first user, saved on the server, that corresponds to the authentication information.
Step 408: The server sends the first registration request to the authentication client;
Step 410: The authentication client obtains the protocol version of the authenticator and the application identifier of the server from the first registration request, and confirms that the protocol version is correct and that the first registration request was issued by the server.
Optionally, if the protocol version of the authenticator to be registered is incorrect, the user is prompted to upgrade the authenticator, and the authenticator registration flow continues after the upgrade is complete. If the protocol version of the authenticator to be registered is correct, it is confirmed that the first registration request was issued by the server. Specifically, the first registration request that the authenticator receives may have been sent by the server on which the first user wishes to register, or it may have been forged and sent by a phishing website on the network. To keep the registration information of the first user secure, the authentication client can verify, according to the application identifier of the server, whether the first registration request was issued by the server. In this way, the risk posed by phishing websites can be effectively avoided. It should be noted that how exactly to confirm that the protocol version is correct, and how the authentication client verifies from the application identifier of the server whether the first registration request was issued by the server, are well known to those skilled in the art, so the embodiments of the present invention place no limitation on them.
Step 412: The authentication client constructs a registration status query message and sends it to the authenticator, where the registration status query message includes the authentication information of the first user on the server;
Specifically, before the authenticator registers the first user on the server, it must be confirmed whether the authenticator has already registered the first user on that server. Otherwise repeated registration may occur, and because the secure storage space of the authenticator is limited, repeated registration occupies authenticator resources. Secure storage space refers to a specific security module in the chip of the authenticator. The security module can be read and written only by the authenticator and cannot be read, copied or changed from outside. For cost reasons, this secure storage space is generally very small. In essence, moreover, because repeated registration by the authenticator uses the same algorithm to generate the public and private keys, the strength of the keys generated by repeated registration is unchanged; repeated registration does not increase the security of identity authentication and can also cause other problems. Therefore, repeated registration should be avoided when the authenticator registers.
Specifically, the authentication client constructs the registration status query message and sends it to all authenticators connected to the authentication client. The registration status query message includes the authentication information of the first user on the server. Optionally, the registration status query message may also include the private key handle in the registration record of the first user, saved on the server, that corresponds to the authentication information.
Step 414: The authenticator sends a registration status query response message to the authentication client, identifying the registration status as "unregistered", and the procedure proceeds to step 416;
Before this step is performed, the authenticator obtains the authentication information of the first user on the server from the registration status query message. The authenticator then determines, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator.
In this embodiment, the authentication information may be the public key in the registration record of the first user saved on the server, or it may be the information obtained by the server encrypting a second parameter with the public key in the registration record of the first user saved on the server, where the second parameter includes at least one of any parameters known to the authenticator, for example at least one of the application identifier of the server and the private key handle saved in the registration record of the first user on the server.
Optionally, the authentication information is the public key in the registration record of the first user saved on the server. Determining, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator specifically includes: encrypting a first parameter using the public key in the registration record of the first user saved on the server, and determining that the encrypted first parameter cannot be decrypted using the private key saved by the authenticator, where the first parameter includes at least one of any parameters known to the authenticator, for example at least one of a random number generated by the authenticator, the private key saved by the authenticator, and the private key handle saved by the authenticator; or encrypting the first parameter using the private key saved by the authenticator, and determining that the encrypted first parameter cannot be decrypted using the public key in the registration record of the first user on the server, where the first parameter includes at least one of any parameters known to the authenticator, for example at least one of a random number generated by the authenticator, the private key saved by the authenticator, and the private key handle saved by the authenticator.
Optionally, the authentication information is the information obtained by the server encrypting a second parameter with the public key in the registration record of the first user saved on the server. Determining, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator specifically includes:
decrypting the information obtained after the encryption using the private key saved by the authenticator, and determining that the information obtained after the encryption cannot be decrypted using the private key saved by the authenticator; where the second parameter includes at least one of any parameters known to the authenticator, for example at least one of the application identifier of the server and the private key handle saved in the registration record of the first user on the server.
Both of the above methods for determining that no registration record of the first user exists on the authenticator rely on the fact that encryption and decryption in modern cryptosystems use different keys, namely a public key and a private key. The two keys encrypt and decrypt for each other, and one public key corresponds to one private key. Data encrypted with one of the keys can be decrypted only with the corresponding key. Conversely, if data can be decrypted with one of the keys, it must have been encrypted with the corresponding key. With this encryption and decryption method, it can be accurately determined whether a registration record of the first user exists on the authenticator. The two methods differ as follows: when the authentication information is the public key in the registration record of the first user saved on the server, both the encryption and the decryption are performed by the authenticator; when the authentication information is the information obtained by the server encrypting the second parameter with the public key in the registration record of the first user saved on the server, the encryption is performed by the server and the decryption is performed by the authenticator. Because the authenticator and the server themselves already have encryption and decryption function modules, no additional hardware support and no additional secure storage space are needed.
It should be noted that when several authenticator registration records exist on the authenticator, each of them contains a private key, and all private keys saved by the authenticator must then be checked against the authentication information to determine whether a registration record of the first user exists on the authenticator. For example, suppose there are m registration records on the authenticator, where m is a positive integer. According to the private key saved in the first authenticator registration record and the authentication information, it can be judged whether the first authenticator registration record is a registration record of the first user; according to the private key saved in the second authenticator registration record and the authentication information, it can be judged whether the second authenticator registration record is a registration record of the first user; and so on. When none of the m registration records is a registration record of the first user, it is determined that no registration record of the first user exists on the authenticator.
Optionally, in step 412, the registration status query message further includes the private key handle in the registration record of the first user, saved on the server, that corresponds to the authentication information. Specifically, when the authentication information is the public key in the registration record of the first user saved on the server, or is the information obtained after the server encrypts the second parameter with the public key in the registration record of the first user saved on the server, the private key handle in the registration record of the first user corresponding to the authentication information is the private key handle in the registration record that contains the public key. The authenticator first obtains the registration record saved by the authenticator according to the private key handle in the registration record of the first user saved on the server, and then obtains the private key saved by the authenticator from that registration record. It then determines, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator. When multiple registration records exist on the authenticator, a single determination is then enough to establish that no registration record of the first user exists on the authenticator, which improves the efficiency of the authenticator's registration status query.
When it is determined that a registration record of the first user exists on the authenticator, the authenticator has already been registered for the first user on the server and does not need to be registered again, and the authenticator returns to the authentication client a registration status query response message whose registration status is "registered". When it is determined that no registration record of the first user exists on the authenticator, the authenticator has not yet been registered for the first user on the server, and the authenticator sends the authentication client a registration status query response message whose registration status is "unregistered".
Specifically, the registration status query response message may use a USB APDU (Universal Serial Bus Application Protocol Data Units) message, in the following format:
Registered: begins with 0x69 0x85, no payload
Unregistered: begins with 0x6A 0x80, no payload
After the authentication client receives the registration status query response message, it can determine from the format of the message whether the authenticator has already been registered for the first user on the server.
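The status check described above, written out as an added example that is not part of the patent text: the authenticator tests the public key carried in the query against each saved private key (or only the record indexed by the private key handle, when one is supplied) and answers with the status bytes given above. Unpadded textbook RSA built from fixed Mersenne primes stands in for the authenticator's real key pairs, and all class, function and variable names, the `register` signature and the application identifier are assumptions made for illustration.

```python
import math
import secrets
from dataclasses import dataclass

SW_REGISTERED = bytes([0x69, 0x85])    # "registered" response, no payload
SW_UNREGISTERED = bytes([0x6A, 0x80])  # "unregistered" response, no payload

# Known Mersenne primes 2**k - 1, so the toy keys need no prime generation.
PRIMES = [2**k - 1 for k in (61, 89, 107, 127, 521, 607, 1279, 2203)]


def toy_keypair(p, q):
    """Unpadded textbook RSA from two given primes (illustration only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    while math.gcd(e, phi) != 1:
        e += 2
    return (n, e), (n, pow(e, -1, phi))  # (public key, private key)


@dataclass
class Record:
    app_id: str          # application identifier of the server
    key_handle: bytes    # authenticator-internal index to the private key
    private_key: tuple   # (n, d)


class Authenticator:
    def __init__(self):
        self.records = []
        self.checks = 0  # key-correspondence tests performed so far

    def register(self, app_id, p, q):
        """Create a record; a real device generates the key pair itself."""
        public_key, private_key = toy_keypair(p, q)
        handle = secrets.token_bytes(8)
        self.records.append(Record(app_id, handle, private_key))
        return public_key, handle  # what the server stores for the user

    def _corresponds(self, public_key, private_key):
        """Encrypt a random first parameter with the public key from the
        query, then try to decrypt it with one saved private key."""
        n, e = public_key
        first_param = secrets.randbelow(n - 2) + 2  # skip fixed points 0, 1
        ciphertext = pow(first_param, e, n)
        n_priv, d = private_key
        self.checks += 1
        return pow(ciphertext, d, n_priv) == first_param

    def query_status(self, public_key, key_handle=None):
        """Return the status bytes for a registration status query."""
        candidates = self.records
        if key_handle is not None:
            # Handle supplied in the query: test only the indexed record.
            candidates = [r for r in self.records
                          if r.key_handle == key_handle]
        for record in candidates:
            if self._corresponds(public_key, record.private_key):
                return SW_REGISTERED
        return SW_UNREGISTERED


def demo():
    app_id = "https://server.example"  # constructed application identifier
    device = Authenticator()
    # The device is already registered on this server for two other users.
    other_pub, other_handle = device.register(app_id, PRIMES[0], PRIMES[1])
    device.register(app_id, PRIMES[2], PRIMES[3])
    # The first user's existing server record came from a different device.
    user_pub, user_handle = Authenticator().register(
        app_id, PRIMES[4], PRIMES[5])

    out = {}
    out["before"] = device.query_status(user_pub)
    out["checks_all_records"] = device.checks       # one test per record
    device.checks = 0
    out["before_with_handle"] = device.query_status(user_pub, user_handle)
    out["checks_unknown_handle"] = device.checks    # handle not on device
    out["other_user"] = device.query_status(other_pub, other_handle)
    # "Unregistered" is what allows the registration request to follow.
    new_pub, new_handle = device.register(app_id, PRIMES[6], PRIMES[7])
    device.checks = 0
    out["after"] = device.query_status(new_pub, new_handle)
    out["checks_known_handle"] = device.checks      # a single test
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

The device answers "unregistered" for the first user even though it already holds records for the same application identifier, which is the case the key-correspondence test is meant to distinguish.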
Step 418: The authentication client sends a registration request to the authenticator; the registration request includes the application identifier of the server;
Specifically, after the authentication client receives the registration status query response message and determines that the authenticator has not yet been registered for the first user on the server, it sends the registration request to the authenticator. The registration request includes the application identifier of the server, or a hash of the application identifier of the server.
It should be noted that the first user may have N registration records on the server; in that case the first registration request in steps 405-408 may accordingly include N pieces of authentication information. In step 412, the authentication client may construct one registration status query message for each piece of authentication information in the first registration request, that is, the authentication client may construct N registration status query messages. In particular, when P authenticators are connected to the authentication client, the authentication client sends the N registration status query messages to the P authenticators one by one. Each time an authenticator receives a registration status query message, it judges whether it has already been registered for the first user on the server and returns the corresponding registration status query response message. When the authentication client receives, from some authenticator A in reply to one of the registration status query messages, a registration status query response message whose registration status is "unregistered", the authentication client sends an authenticator registration request to authenticator A according to that response message. The user then decides whether to register with authenticator A, for example by pressing the confirmation key on authenticator A.
Step 418: The authenticator generates a public/private key pair and a private key handle according to the application identifier of the server in the received authenticator registration request;
Specifically, how an authenticator generates a public/private key pair and a private key handle is well known to those skilled in the art, so the present invention does not describe it further. The private key handle is the authenticator's internal index to the private key. The way it is generated is not fixed; for example, the authenticator may generate a random number, but because the secure storage space of the authenticator is limited, the private key handle may be a simple random number.
Specifically, the authenticator saves the generated private key, the private key handle and the application identifier of the server in the registration record of the first user on the authenticator.
Step 420: The authenticator sends an authenticator registration response to the authentication client;
Specifically, the authenticator registration response includes the public key and the private key handle generated by the authenticator in step 418. Optionally, if every registration status query response message that the authenticator returned for the registration status query messages sent by the authentication client had the registration status "registered", the content of the registration response message is empty.
Step 422: The authentication client sends a first registration response to the server;
Specifically, the first registration response includes the public key and the private key handle generated by the authenticator in step 418. Optionally, if every registration status query response message that the authenticator returned for the registration status query messages sent by the authentication client had the registration status "registered", the content of the first registration response is empty.
Step 424: The server verifies the legitimacy of the received first registration response;
Specifically, to prevent the first registration response from being tampered with, the server needs to verify the legitimacy of the first registration response it receives. How the legitimacy is verified is technology well known to those skilled in the art and is unrelated to the present invention; the embodiments of the present invention place no restriction on it and do not describe it further.
Step 426: The server saves the public key and private key handle generated by the authenticator, together with the user identifier of the first user, into the registration record of the first user on the server.
The registration record of the first user on the server describes how the authenticator is registered for the first user on the server. The user identifier of the first user is obtained by the server when it verifies the identity of the first user; for example, it may be the user name of the first user.
In this embodiment, the server carries the authentication information of the first user on the server in the first registration request sent to the authentication client, so that the authenticator can judge, according to the authentication information of the first user on the server and the private key saved by the authenticator, whether the authenticator has already been registered for the first user on the server. As a result, when the authenticator has already been registered on the server for other users, it can additionally be registered on the same server for the first user.
Those of ordinary skill in the art will understand that all or some of the steps of the method embodiments above may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs the steps of the method embodiments above; the storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
Referring to Fig. 5, Fig. 5 is a schematic structural diagram of embodiment one of an authenticator registration device provided by the present invention. As shown in Fig. 5, the device includes: a receiving module 51, a determining module 52, a sending module 53 and a registration module 54; wherein,
Receiving module 51: configured to receive the registration status query message sent by the authentication client, wherein the registration status query message includes the authentication information of the first user on the server;
Specifically, the authentication information is the public key in the registration record of the first user saved on the server, or the information obtained after the server encrypts a second parameter with the public key in the registration record of the first user saved on the server, wherein the second parameter includes at least one of any parameters known to the authenticator, for example at least one of the application identifier of the server and the private key handle saved in the registration record of the first user on the server.
Determining module 52: configured to determine, according to the authentication information in the registration status query message received by the receiving module and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator;
Specifically, when the authentication information is the public key in the registration record of the first user saved on the server, the determining module 52 is specifically configured to: encrypt a first parameter with the public key in the registration record of the first user saved on the server, and determine that the encrypted first parameter cannot be decrypted with the private key saved by the authenticator, wherein the first parameter includes at least one of any parameters known to the authenticator, for example at least one of a random number generated by the authenticator, the private key saved by the authenticator and the private key handle saved by the authenticator; or encrypt the first parameter with the private key saved by the authenticator, and determine that the encrypted first parameter cannot be decrypted with the public key in the registration record of the first user on the server, wherein the first parameter includes at least one of any parameters known to the authenticator, for example at least one of a random number generated by the authenticator, the private key saved by the authenticator and the private key handle saved by the authenticator.
When the authentication information is the information obtained after the server encrypts a second parameter with the public key in the registration record of the first user saved on the server, the determining module 52 is specifically configured to: decrypt the encrypted information with the private key saved by the authenticator, and determine that the encrypted information cannot be decrypted with the private key saved by the authenticator; wherein the second parameter includes at least one of any parameters known to the authenticator, for example at least one of the application identifier of the server and the private key handle saved in the registration record of the first user on the server.
Sending module 53: configured to send to the authentication client a registration status query response message whose registration status is unregistered;
The receiving module 51 is further configured to receive the authenticator registration request sent by the authentication client, the authenticator registration request including the application identifier of the server;
Registration module 54: configured to register the first user on the server according to the application identifier of the server in the authenticator registration request received by the receiving module.
Optionally, the sending module 53 is further configured to send, according to the authenticator registration request, an authenticator registration response to the authentication client, the authenticator registration response including the public key and private key handle generated by the authenticator, so that the authentication client sends a first registration response to the server, the first registration response including the public key and private key handle generated by the authenticator.
Optionally, the registration status query message received by the receiving module further includes the private key handle in the registration record of the first user, saved on the server, that corresponds to the authentication information; before the determining module 52 determines, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator, the device further includes:
Obtaining module 55: configured to obtain the registration record saved by the authenticator according to the private key handle in the registration record of the first user saved on the server; the obtaining module 55 is further configured to obtain the private key saved by the authenticator according to the obtained registration record saved by the authenticator.
The device provided by this embodiment of the present invention can execute the method embodiment of authenticator registration described with reference to Fig. 1 above, and its implementation principle and technical effect are similar. For details, refer to the related content described for Fig. 1, which is not repeated here.
Referring to Fig. 6, Fig. 6 is a schematic structural diagram of the authentication client provided by the present invention. As shown in Fig. 5, the device includes: a receiving module 61 and a sending module 62; wherein,
Receiving module 61: configured to receive the first registration request sent by the server, wherein the first registration request includes the authentication information of the first user on the server.
Specifically, the authentication information is the public key in the registration record of the first user saved on the server; or the authentication information is the information obtained after the server encrypts a second parameter with the public key in the registration record of the first user saved on the server; wherein the second parameter includes at least one of any parameters known to the authenticator, for example at least one of the application identifier of the server and the private key handle saved in the registration record of the first user on the server.
Sending module 62: configured to send a registration status query message to the authenticator according to the first registration request received by the receiving module, the registration status query message including the authentication information;
The receiving module 61 is further configured to receive the registration status query response message sent by the authenticator, the registration status query response message containing a registration status that indicates unregistered;
The sending module 62 is further configured to send, according to the registration status query message received by the receiving module, an authenticator registration request to the authenticator, the authenticator registration request including the application identifier of the server.
Optionally, after the sending module 61 sends the authenticator registration request to the authenticator, the receiving module 61 is further configured to receive the authenticator registration response sent by the authenticator, the authenticator registration response including the public key and private key handle generated by the authenticator. The sending module 62 is further configured to send, according to the authenticator registration response received by the receiving module, a first registration response to the server, the first registration response including the public key and private key handle generated by the authenticator.
The device provided by this embodiment of the present invention can execute the method embodiment of authenticator registration described with reference to Fig. 2 above, and its implementation principle and technical effect are similar. For details, refer to the related content described for Fig. 2, which is not repeated here.
Referring to Fig. 7, Fig. 7 is a schematic structural diagram of the server provided by an embodiment of the present invention. As shown in Fig. 7, the device includes: a sending module 71, a receiving module 72 and a saving module 73; wherein,
Sending module 71: configured to send a first registration request to the authentication client after receiving a registration request triggered by the first user, wherein the first registration request includes the authentication information of the first user on the server and the application identifier of the server;
Specifically, the authentication information is the public key in the registration record of the first user saved on the server; or
the information obtained after the server encrypts a second parameter with the public key in the registration record of the first user saved on the server; wherein the second parameter includes at least one of any parameters known to the authenticator, for example at least one of the application identifier of the server and the private key handle saved in the registration record of the first user on the server.
Receiving module 72: configured to receive the first registration response sent by the authentication client, wherein the first registration response includes the public key and private key handle generated by the authenticator;
Saving module 73: configured to save the public key and private key handle generated by the authenticator into the registration record of the first user on the server.
The device provided by this embodiment of the present invention can execute the method embodiment of authenticator registration described with reference to Fig. 3 above, and its implementation principle and technical effect are similar. For details, refer to the related content described for Fig. 3, which is not repeated here.
Referring to Fig. 8, an embodiment of the present invention further provides a schematic structural diagram of an authenticator registration device, which may include: a bus 803, a processor 802 connected to the bus 803 and a memory 801 connected to the bus 803. The processor 802 may be a general-purpose central processing unit (Central Processing Unit, CPU), a microprocessor, an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits, and executes the relevant programs to implement the technical solution provided by the embodiments of the present invention. The memory 801 may be a read-only memory (Read Only Memory, ROM), a static storage device, a dynamic storage device or a random access memory (Random Access Memory, RAM). The memory 801 may store an operating system and other application programs. When the technical solution provided by the embodiments of the present invention is implemented in software or firmware, the program code that implements it is stored in the memory 801 and executed by the processor 802.
Specifically, the processor 802 and the memory 801 communicate through the bus 803; a computer-readable program is stored in the memory 801; and the processor 802 runs the program in the memory 801 in order to: receive the registration status query message sent by the authentication client, wherein the registration status query message includes the authentication information of the first user on the server; determine, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator; send to the authentication client a registration status query response message whose registration status is unregistered; receive the authenticator registration request sent by the authentication client, the authenticator registration request including the application identifier of the server; and register the first user on the server according to the application identifier of the server.
It can be understood that the authenticator registration device of this embodiment can be used to implement the functions in the method embodiment of Fig. 1. For the specific implementation process, refer to the related description of the method embodiment above, which is not repeated here.
Referring to Fig. 9, an embodiment of the present invention further provides a schematic structural diagram of an authentication client, which may include: a bus 903, a processor 902 connected to the bus 903 and a memory 901 connected to the bus 903. The processor 902 may be a general-purpose central processing unit (Central Processing Unit, CPU), a microprocessor, an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits, and executes the relevant programs to implement the technical solution provided by the embodiments of the present invention. The memory 901 may be a read-only memory (Read Only Memory, ROM), a static storage device, a dynamic storage device or a random access memory (Random Access Memory, RAM). The memory 901 may store an operating system and other application programs. When the technical solution provided by the embodiments of the present invention is implemented in software or firmware, the program code that implements it is stored in the memory 901 and executed by the processor 902.
Specifically, the processor 902 and the memory 901 communicate through the bus 903; a computer-readable program is stored in the memory 901; and the processor 902 runs the program in the memory 901 in order to: receive the first registration request sent by the server, wherein the first registration request includes the authentication information of the first user on the server and the application identifier of the server; send a registration status query message to the authenticator, the registration status query message including the authentication information; receive the registration status query response message sent by the authenticator, the registration status query response message containing a registration status that indicates unregistered; and send an authenticator registration request to the authenticator, the authenticator registration request including the application identifier of the server.
It can be understood that the authenticator registration device of this embodiment can be used to implement the functions in the method embodiment of Fig. 2. For the specific implementation process, refer to the related description of the method embodiment above, which is not repeated here.
Referring to Figure 10, an embodiment of the present invention further provides a schematic structural diagram of a server, which may include: a bus 1003, a processor 1002 connected to the bus 1003 and a memory 1001 connected to the bus 1003. The processor 1002 may be a general-purpose central processing unit (Central Processing Unit, CPU), a microprocessor, an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits, and executes the relevant programs to implement the technical solution provided by the embodiments of the present invention. The memory 1001 may be a read-only memory (Read Only Memory, ROM), a static storage device, a dynamic storage device or a random access memory (Random Access Memory, RAM). The memory 1001 may store an operating system and other application programs. When the technical solution provided by the embodiments of the present invention is implemented in software or firmware, the program code that implements it is stored in the memory 1001 and executed by the processor 1002.
Specifically, the processor 1002 and the memory 1001 communicate through the bus 1003; a computer-readable program is stored in the memory 1001; and the processor 1002 runs the program in the memory 1001 in order to: send a first registration request to the authentication client after receiving a registration request triggered by the first user, wherein the first registration request includes the authentication information of the first user on the server and the application identifier of the server; receive the first registration response sent by the authentication client, wherein the first registration response includes the public key and private key handle generated by the authenticator; and save the public key and private key handle generated by the authenticator into the registration record of the first user on the server.
It can be understood that the authenticator registration device of this embodiment can be used to implement the functions in the method embodiment of Fig. 3. For the specific implementation process, refer to the related description of the method embodiment above, which is not repeated here.
Figure 11 is a schematic structural diagram of the authenticator registration system provided by an embodiment of the present invention. Referring to Figure 11, the system includes an authenticator 1101, an authentication client 1102 and a server 1103, in which:
Authenticator 1101: configured to receive the registration status query message sent by the authentication client, wherein the registration status query message includes the authentication information of the first user on the server; determine, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator; send to the authentication client a registration status query response message whose registration status is unregistered; receive the authenticator registration request sent by the authentication client, the authenticator registration request including the application identifier of the server; and register the first user on the server according to the application identifier of the server.
Authentication client 1102: configured to receive the first registration request sent by the server, wherein the first registration request includes the authentication information of the first user on the server and the application identifier of the server; send a registration status query message to the authenticator, the registration status query message including the authentication information; receive the registration status query response message sent by the authenticator, the registration status query response message containing a registration status that indicates unregistered; and send an authenticator registration request to the authenticator, the authenticator registration request including the application identifier of the server.
Server 1103: configured to send a first registration request to the authentication client after receiving a registration request triggered by the first user, wherein the first registration request includes the authentication information of the first user on the server and the application identifier of the server; receive the first registration response sent by the authentication client, wherein the first registration response includes the public key and private key handle generated by the authenticator; and save the public key and private key handle generated by the authenticator into the registration record of the first user on the server.
For the structure and specific processing of the authenticator 1101, the authentication client 1102 and the server 1103, refer to the related description of the embodiments of the present invention above, which is not repeated here.
Through the description of the embodiments above, those skilled in the art can clearly understand that the present invention may be implemented by software plus the necessary general-purpose hardware, and of course also by dedicated hardware, including application-specific integrated circuits, dedicated CPUs, dedicated memories, dedicated components and the like. In general, any function performed by a computer program can easily be implemented with corresponding hardware, and the specific hardware structures used to implement the same function can also vary, for example analog circuits, digital circuits or dedicated circuits. For the present invention, however, a software implementation is in most cases the better embodiment. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product is stored in a readable storage medium, such as a computer floppy disk, USB flash drive, removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments of the present invention.
The method and device for authenticator registration provided by the embodiments of the present invention have been described in detail above. For those of ordinary skill in the art, the specific implementations and the scope of application may change in accordance with the ideas of the embodiments of the present invention; therefore, the content of this specification should not be construed as limiting the present invention.
Claims (16)
1. A method of authenticator registration, characterized by:
receiving a registration status query message sent by an authentication client, wherein the registration status query message includes authentication information of a first user on a server, the authentication information being the public key in the registration record of the first user saved on the server, or
the authentication information being the information obtained after the server encrypts a second parameter with the public key in the registration record of the first user saved on the server, wherein the second parameter includes at least one of any parameters known to the authenticator;
determining, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator;
sending to the authentication client a registration status query response message whose registration status is unregistered;
receiving an authenticator registration request sent by the authentication client, the authenticator registration request including the application identifier of the server;
registering the first user on the server according to the application identifier of the server.
2. The method according to claim 1, characterized in that, after the first user is registered on the server according to the application identifier of the server, the method further comprises:
sending, according to the authenticator registration request, an authenticator registration response to the authentication client, the authenticator registration response including the public key and private key handle generated by the authenticator, so that the authentication client sends a first registration response to the server, the first registration response including the public key and private key handle generated by the authenticator.
3. The method according to claim 1 or 2, characterized in that, when the authentication information is the public key in the registration record of the first user saved on the server, determining, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator specifically comprises:
encrypting a first parameter using the public key in the registration record of the first user saved on the server, and determining that the encrypted first parameter cannot be decrypted using the private key saved by the authenticator, wherein the first parameter includes at least one of any parameter known to the authenticator; or
encrypting a first parameter using the private key saved by the authenticator, and determining that the encrypted first parameter cannot be decrypted using the public key in the registration record of the first user on the server, wherein the first parameter includes at least one of any parameter known to the authenticator.
4. The method according to claim 1 or 2, characterized in that, when the authentication information is information obtained by the server encrypting a second parameter using the public key in the registration record of the first user saved on the server, determining, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator specifically comprises:
decrypting the encrypted information using the private key saved by the authenticator, and determining that the encrypted information cannot be decrypted using the private key saved by the authenticator; wherein the second parameter includes at least one of any parameter known to the authenticator, such as at least one of any parameter known to the authenticator.
5. The method according to claim 1 or 2, characterized in that the login state query message further includes the private key handle in the registration record of the first user, corresponding to the authentication information, saved on the server; and before determining, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator, the method further comprises:
obtaining the registration record saved by the authenticator according to the private key handle in the registration record of the first user saved on the server;
obtaining the private key saved by the authenticator according to the obtained registration record saved by the authenticator.
6. A method of authenticator registration, characterized by:
receiving a first registration request sent by a server, wherein the first registration request includes authentication information of a first user on the server and an application identity of the server, wherein the authentication information is the public key in the registration record of the first user saved on the server, or the authentication information is information obtained by the server encrypting a second parameter using the public key in the registration record of the first user saved on the server, wherein the second parameter includes at least one of any parameter known to the authenticator;
sending a login state query message to an authenticator, the login state query message including the authentication information;
receiving a login state query response message sent by the authenticator, the login state query response message including a login state indicating unregistered;
sending an authenticator registration request to the authenticator, the authenticator registration request including the application identity of the server.
7. The method as claimed in claim 6, characterized in that, after sending the registration request to the authenticator, the method further comprises:
receiving an authenticator registration response sent by the authenticator, the authenticator registration response including the public key and the private key handle generated by the authenticator;
sending, according to the authenticator registration response, a first registration response to the server, the first registration response including the public key and the private key handle generated by the authenticator.
8. A registration method for an authenticator, characterized by:
after receiving a registration request triggered by a first user, sending a first registration request to an authentication client, wherein the first registration request includes authentication information of the first user on a server and an application identity of the server, wherein the authentication information is the public key in the registration record of the first user saved on the server, or information obtained by the server encrypting a second parameter using the public key in the registration record of the first user saved on the server, wherein the second parameter includes at least one of any parameter known to the authenticator;
receiving a first registration response sent by the authentication client, wherein the first registration response includes a public key and a private key handle generated by the authenticator;
saving the public key and the private key handle generated by the authenticator in the registration record of the first user on the server.
9. An authenticator registration device, characterized by:
a receiving module, for receiving a login state query message sent by an authentication client, wherein the login state query message includes authentication information of a first user on a server, the authentication information being information obtained by the server encrypting a second parameter using the public key in the registration record of the first user saved on the server, or the authentication information being information obtained by the server encrypting a second parameter using the public key in the registration record of the first user saved on the server, wherein the second parameter includes at least one of any parameter known to the authenticator;
a determining module, for determining, according to the authentication information in the login state query message received by the receiving module and a private key saved by the authenticator, that no registration record of the first user exists on the authenticator;
a sending module, for sending, to the authentication client, a login state query response message whose login state is unregistered;
the receiving module being further used to receive an authenticator registration request sent by the authentication client, the authenticator registration request including an application identity of the server;
a registration module, for registering the first user on the server according to the application identity of the server received by the receiving module.
10. The authenticator registration device as claimed in claim 9, characterized in that:
the sending module is further used to send, according to the authenticator registration request, an authenticator registration response to the authentication client, the authenticator registration response including the public key and the private key handle generated by the authenticator, so that the authentication client sends a first registration response to the server, the first registration response including the public key and the private key handle generated by the authenticator.
11. The authenticator registration device as claimed in claim 9 or 10, characterized in that, when the authentication information is the public key in the registration record of the first user saved on the server, the determining module is specifically used for:
encrypting a first parameter using the public key in the registration record of the first user saved on the server, and determining that the encrypted first parameter cannot be decrypted using the private key saved by the authenticator, wherein the first parameter includes at least one of any parameter known to the authenticator; or
encrypting a first parameter using the private key saved by the authenticator, and determining that the encrypted first parameter cannot be decrypted using the public key in the registration record of the first user on the server, wherein the first parameter includes at least one of any parameter known to the authenticator.
12. The authenticator registration device as claimed in claim 9 or 10, characterized in that, when the authentication information is information obtained by the server encrypting a second parameter using the public key in the registration record of the first user saved on the server, the determining module is specifically used for:
decrypting the encrypted information using the private key saved by the authenticator, and determining that the encrypted information cannot be decrypted using the private key saved by the authenticator; wherein the second parameter includes at least one of any parameter known to the authenticator.
13. The authenticator registration device as claimed in either of claims 9 or 10, characterized in that the login state query message further includes the private key handle in the registration record of the first user, corresponding to the authentication information, saved on the server; and before the determining module determines, according to the authentication information and the private key saved by the authenticator, that no registration record of the first user exists on the authenticator, the device further comprises:
an obtaining module, for obtaining the registration record saved by the authenticator according to the private key handle in the registration record of the first user saved on the server;
the obtaining module being further used to obtain the private key saved by the authenticator according to the obtained registration record saved by the authenticator.
14. An authenticator client, characterized by:
a receiving module, for receiving a first registration request sent by a server, wherein the first registration request includes authentication information of a first user on the server;
a sending module, for sending, according to the first registration request received by the receiving module, a login state query message to an authenticator, the login state query message including the authentication information, wherein the authentication information is the public key in the registration record of the first user saved on the server, or the authentication information is information obtained by the server encrypting a second parameter using the public key in the registration record of the first user saved on the server, wherein the second parameter includes at least one of any parameter known to the authenticator;
the receiving module being further used to receive a login state query response message sent by the authenticator, the login state query response message including a login state indicating unregistered;
the sending module being further used to send, according to the login state query message received by the receiving module, an authenticator registration request to the authenticator, the authenticator registration request including an application identity of the server.
15. The authenticator client as claimed in claim 14, characterized in that, after the sending module sends the authenticator registration request to the authenticator, in the authentication client:
the receiving module is further used to receive an authenticator registration response sent by the authenticator, the authenticator registration response including the public key and the private key handle generated by the authenticator;
the sending module is further used to send, according to the authenticator registration response received by the receiving module, a first registration response to the server, the first registration response including the public key and the private key handle generated by the authenticator.
16. A registrar of an authenticator, characterized by:
a sending module, for sending a first registration request to an authentication client after receiving a registration request triggered by a first user, wherein the first registration request includes authentication information of the first user on a server and an application identity of the server, wherein the authentication information is the public key in the registration record of the first user saved on the server, or information obtained by the server encrypting a second parameter using the public key in the registration record of the first user saved on the server, wherein the second parameter includes at least one of any parameter known to the authenticator;
a receiving module, for receiving a first registration response sent by the authentication client, wherein the first registration response includes a public key and a private key handle generated by the authenticator;
a saving module, for saving the public key and the private key handle generated by the authenticator in the registration record of the first user on the server.
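The registration-state check of claims 1, 3 and 5, as an added Python sketch that is not part of the patent: the authenticator tests the public key held by the server against its own saved private key instead of looking only at the application identity. Textbook RSA over fixed Mersenne primes stands in for whatever public-key algorithm an implementation uses; the `kh-N` handle format, the handle collision between two authenticators, the application identity and the user names are assumptions constructed for illustration.

```python
# Added illustration, not code from the patent. Textbook RSA (no padding) over
# fixed primes keeps the demo deterministic and offline; never use it for real keys.
import secrets

E = 65537
# Constructed key material: pairs of Mersenne primes.
PRIME_PAIRS = [(2**61 - 1, 2**89 - 1), (2**107 - 1, 2**127 - 1), (2**89 - 1, 2**107 - 1)]


def make_keypair(index):
    p, q = PRIME_PAIRS[index]
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)  # (public key, private key)


def key_matches(public_key, private_key):
    """Encrypt a first parameter with the server-held public key and check
    whether the authenticator's saved private key decrypts it (claim 3)."""
    n_pub, e = public_key
    n_priv, d = private_key
    first_param = secrets.randbelow(2**64) + 2  # below every modulus used here
    ciphertext = pow(first_param, e, n_pub)
    return pow(ciphertext, d, n_priv) == first_param


class Authenticator:
    def __init__(self, first_pair):
        self.records = {}  # private key handle -> (application identity, private key)
        self._next_pair = first_pair

    def login_state(self, auth_info, handle=None):
        # Claim 5: a handle in the query selects one saved record; without a
        # handle, every saved private key is tried.
        if handle is None:
            candidates = [priv for _, priv in self.records.values()]
        else:
            candidates = [self.records[handle][1]] if handle in self.records else []
        matched = any(key_matches(auth_info, priv) for priv in candidates)
        return "registered" if matched else "unregistered"

    def register(self, app_id):
        # Authenticator registration response of claim 2: public key + handle.
        public, private = make_keypair(self._next_pair)
        self._next_pair += 1
        handle = "kh-%d" % len(self.records)  # hypothetical handle format
        self.records[handle] = (app_id, private)
        return public, handle


def app_id_only_state(authenticator, app_id):
    # Naive check for contrast: looks only at the application identity.
    hit = any(a == app_id for a, _ in authenticator.records.values())
    return "registered" if hit else "unregistered"


def run_flow():
    app_id = "https://rp.example"  # constructed application identity
    server = {}  # user -> (public key, private key handle); simplified record
    auth_a, auth_b = Authenticator(0), Authenticator(2)
    server["alice"] = auth_a.register(app_id)
    server["bob"] = auth_b.register(app_id)  # Bob's record comes from another authenticator
    out = {"app_id_only": app_id_only_state(auth_a, app_id)}
    out["bob_before"] = auth_a.login_state(*server["bob"])
    out["alice"] = auth_a.login_state(*server["alice"])
    server["bob"] = auth_a.register(app_id)  # simplified: replaces Bob's old entry
    out["bob_after"] = auth_a.login_state(*server["bob"])
    return out


if __name__ == "__main__":
    print(run_flow())
```

In `run_flow`, the check by application identity alone reports `registered` for Bob because Alice already enrolled on the same server, while the key check reports `unregistered` even though the two handles collide, so Bob can still be registered on the shared authenticator.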
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410529164.3A CN105577606B (en) | 2014-10-09 | 2014-10-09 | A kind of method and apparatus for realizing authenticator registration |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105577606A (en) | 2016-05-11 |
CN105577606B (en) | 2019-03-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||