CN106022033A - Safety control method, safety device, and identity card card-reading terminal - Google Patents
- Publication number
- CN106022033A CN201610041106.5A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
Abstract
The invention provides a safety control method, a safety device, and an identity card card-reading terminal. The safety control method comprises: receiving at least one item of security authentication information and authenticating each item; if authentication passes, setting the security state corresponding to the item that passed to the authentication-passed state, and if authentication fails, setting the security state corresponding to the item that failed to the authentication-failed state; storing the security state; receiving an instruction, looking up the stored security state corresponding to the instruction, and determining whether that security state is the authentication-passed state; when it is, calling an underlying driver module; and receiving the response result that the underlying driver module generates in response to the call, so that the instruction is executed securely.
Description
Technical field
The present invention relates to the field of electronic technology, and in particular to a safety control method, a safety device, and an identity card card-reading terminal.
Background art
In the prior art, after an electronic device receives an operation instruction, it directly calls the system layer to perform the corresponding operation, without confirming whether the device's current security environment meets the execution requirements of the instruction. As a result, the electronic device can still perform sensitive operations in an insecure state, so it cannot meet security requirements in use.
Summary of the invention
The present invention aims to solve the above problem.
An object of the present invention is to provide a safety control method.
Another object of the present invention is to provide a safety device.
Another object of the present invention is to provide an identity card card-reading terminal.
To achieve the above objects, the technical solution of the present invention is implemented as follows:
One aspect of the present invention provides a safety control method, including: receiving at least one item of security authentication information and authenticating each item; if authentication passes, setting the security state corresponding to the security authentication information that passed to the authentication-passed state; if authentication fails, setting the security state corresponding to the security authentication information that failed to the authentication-failed state; storing the security state; receiving an instruction, looking up the stored security state corresponding to the instruction, and judging whether the security state is the authentication-passed state; when the security state is the authentication-passed state, calling the underlying driver module; and receiving the response result generated by the underlying driver module in response to the call.
Optionally, after the instruction is received, the method further includes: analyzing whether a corresponding instruction or instruction interface exists and, if a corresponding instruction or instruction interface exists, triggering the step of looking up the stored security state corresponding to the instruction.
Optionally, the security authentication information is a PIN code, biometric information, or information obtained according to an authentication key.
Optionally, the underlying driver module includes a security algorithm library and/or a file system; calling the underlying driver module when the security state is the authentication-passed state includes: calling the security algorithm library and/or the file system when the security state is the authentication-passed state.
Another aspect of the present invention provides a safety device, including an authentication module, an instruction judgment module, a calling module and an underlying driver module. The authentication module is configured to receive at least one item of security authentication information and authenticate each item; if authentication passes, to set the security state corresponding to the security authentication information that passed to the authentication-passed state; if authentication fails, to set the security state corresponding to the security authentication information that failed to the authentication-failed state; and to store the security state. The instruction judgment module is configured to receive an instruction, look up the stored security state corresponding to the instruction, and judge whether the security state is the authentication-passed state. The calling module is configured to call the underlying driver module when the security state is the authentication-passed state, and to receive the response result generated by the underlying driver module in response to the call of the authentication module.
Optionally, the instruction judgment module is further configured to analyze whether a corresponding instruction or instruction interface exists and, if a corresponding instruction or instruction interface exists, to trigger the step of looking up the stored security state corresponding to the instruction.
Optionally, the security authentication information is a PIN code, biometric information, or information obtained according to an authentication key.
Optionally, the underlying driver module includes a security algorithm library and/or a file system; the calling module being configured to call the underlying driver module when the security state is the authentication-passed state includes: the calling module being configured to call the security algorithm library and/or the file system when the security state is the authentication-passed state.
Another aspect of the present invention provides an identity card card-reading terminal that includes the above safety device.
As can be seen from the technical solution provided above, the present invention provides a safety control method, a safety device and an identity card card-reading terminal. After receiving each instruction, the safety device judges in advance whether the current security state meets the execution requirements of the instruction, and allows the instruction to execute only when it does, ensuring that instructions are executed only in a secure environment.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of the safety device provided by Embodiment 1 of the present invention;
Fig. 2 is a schematic structural diagram of the identity card card-reading terminal provided by Embodiment 2 of the present invention;
Fig. 3 is a flow chart of the safety control method provided by Embodiment 3 of the present invention;
Fig. 4 is a flow chart of the identity card reading method provided by Embodiment 4 of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the description of the present invention, it should be understood that terms such as "center", "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" indicate orientations or positional relationships based on those shown in the drawings. They are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore cannot be understood as limiting the present invention. In addition, the terms "first" and "second" are used for descriptive purposes only and cannot be understood as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "mounted", "connected to" and "connected" should be understood broadly. For example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, indirect through an intermediary, or an internal connection between two elements. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific situation.
The embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment 1
This embodiment provides a safety device. As shown in Fig. 1, the safety device includes: an authentication module 10, an instruction judgment module 11, a calling module 12 and an underlying driver module 13.
In this embodiment, the working principle of each module is as follows.
The authentication module 10 is configured to receive at least one item of security authentication information and authenticate each item; if authentication passes, to set the security state corresponding to the security authentication information that passed to the authentication-passed state; if authentication fails, to set the security state corresponding to the security authentication information that failed to the authentication-failed state; and to store the security state. The instruction judgment module 11 is configured to receive an instruction, look up the stored security state corresponding to the instruction, and judge whether the security state is the authentication-passed state. The calling module 12 is configured to call the underlying driver module 13 when the security state is the authentication-passed state, and to receive the response result generated by the underlying driver module 13 in response to the call of the authentication module.
After receiving each instruction, the safety device provided by this embodiment judges whether the current security state meets the execution requirements of the instruction, and executes the instruction only when it does, ensuring that the safety device is used securely.
In this embodiment, the security state can be represented by a binary string in which each bit represents the security state of one item of security authentication information: bit 1 can indicate that the security authentication information passed authentication, and bit 0 that it did not. After the authentication module 10 receives security authentication information, it can set the bit corresponding to that information to 1 if authentication passes and to 0 if authentication fails. After the instruction judgment module 11 receives an instruction, it looks up the stored binary string corresponding to the received instruction and, having found it, judges whether the bit representing the security state required to execute the instruction is 1. If it is 1, the calling module 12 calls the underlying driver module 13; if it is 0, the calling module 12 is refused the call to the underlying driver module 13. Of course, in this embodiment bit 0 may instead indicate that the security authentication information passed authentication and bit 1 that it did not; this embodiment places no specific limitation on this.
In this embodiment, the instruction received by the instruction judgment module 11 may be a card-reading instruction, a key update instruction, and so on; this embodiment places no specific limitation on this.
As an optional implementation of this embodiment of the present invention, the instruction judgment module 11 is further configured to analyze whether a corresponding instruction or instruction interface exists and, if one exists, to trigger the step of looking up the stored security state corresponding to the instruction. In a specific implementation, after receiving an instruction, the instruction judgment module 11 analyzes whether a corresponding instruction or instruction interface exists. If one exists, the instruction judgment module 11 judges the received instruction to be a legal instruction and looks up the stored security state corresponding to the received instruction. If none exists, the instruction judgment module 11 judges the received instruction to be an illegal instruction and refuses to look up the security state corresponding to it.
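The bit-string security state and the legal-instruction check described above can be sketched as follows. This is an added example, not code from the patent; the bit assignments, instruction codes, required-bit table, reference PIN and driver stubs are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* One bit per item of security authentication information: 1 = passed, 0 = not passed.
   The bit positions are an assumption of this sketch. */
enum { AUTH_PIN = 1 << 0, AUTH_BIOMETRIC = 1 << 1, AUTH_KEY = 1 << 2 };

/* Hypothetical instruction codes; the text names card reading and key update as examples. */
enum { INS_READ_CARD = 0x10, INS_KEY_UPDATE = 0x20 };

typedef enum { GATE_OK, GATE_ILLEGAL_INSTRUCTION, GATE_NOT_AUTHENTICATED } gate_result;

struct instruction_entry {
    unsigned code;              /* instruction seen by the instruction judgment module */
    unsigned required;          /* bits that must be 1 before the driver may be called */
    int (*driver_call)(void);   /* stand-in for the underlying driver module */
};

static unsigned security_state;  /* stored security state; every bit is 0 at power-up */
static int driver_calls;         /* how many times the driver was actually reached */
static int last_response = -1;   /* response result returned by the last driver call */

static int drv_read_card(void)  { driver_calls++; return 1; }  /* constructed responses */
static int drv_key_update(void) { driver_calls++; return 2; }

/* Assumption: a key update needs both the PIN bit and the key-based authentication bit. */
static const struct instruction_entry instruction_table[] = {
    { INS_READ_CARD,  AUTH_PIN,            drv_read_card  },
    { INS_KEY_UPDATE, AUTH_PIN | AUTH_KEY, drv_key_update },
};

static const char REFERENCE_PIN[] = "482913";  /* constructed sample value */

/* Authentication module: store the outcome. A failed attempt clears a bit set earlier,
   so a later wrong PIN revokes what an earlier correct PIN granted. */
unsigned record_auth(unsigned bit, int passed)
{
    if (passed)
        security_state |= bit;
    else
        security_state &= ~bit;
    return security_state;
}

/* PIN check without an early exit, so timing does not reveal the first wrong digit. */
int authenticate_pin(const char *pin)
{
    size_t n = strlen(REFERENCE_PIN), m = strlen(pin);
    unsigned char diff = (unsigned char)(n != m);
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(REFERENCE_PIN[i] ^ pin[i < m ? i : m]);
    record_auth(AUTH_PIN, diff == 0);
    return diff == 0;
}

/* Instruction judgment module plus calling module: reject unknown instructions before
   any state lookup, then call the driver only if every required bit is set. */
gate_result dispatch(unsigned code)
{
    size_t count = sizeof instruction_table / sizeof instruction_table[0];
    for (size_t i = 0; i < count; i++) {
        const struct instruction_entry *e = &instruction_table[i];
        if (e->code != code)
            continue;
        if ((security_state & e->required) != e->required)
            return GATE_NOT_AUTHENTICATED;
        last_response = e->driver_call();
        return GATE_OK;
    }
    return GATE_ILLEGAL_INSTRUCTION;
}

int main(void)
{
    printf("read before auth: %d\n", dispatch(INS_READ_CARD));
    authenticate_pin("482913");
    printf("read after PIN:   %d\n", dispatch(INS_READ_CARD));
    printf("key update:       %d\n", dispatch(INS_KEY_UPDATE));
    printf("unknown 0x99:     %d\n", dispatch(0x99));
    return 0;
}
```

Because the check is a mask comparison rather than a single-bit test, an instruction that needs several authentications is refused until all of them have passed.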
As an optional implementation of this embodiment of the present invention, the security authentication information may be a PIN code, biometric information, or information obtained according to an authentication key.
In this embodiment, the PIN code may be a power-on password, a login password, and so on; this embodiment places no specific limitation on this. In a specific implementation, the biometric information may be fingerprint information, face information, voiceprint information, iris information or other information that can represent the uniqueness of an individual.
In an optional implementation, the information obtained according to the authentication key can be obtained as follows: the authentication module 10 calls the underlying driver module 13 to perform a computation, using the authentication key, on a random number sent by the external device, and returns the computed result to the external device; the external device performs the computation on the same random number using the corresponding authentication key, compares whether the two computed results are the same, and returns the comparison result to the authentication module 10. The returned comparison result is the information obtained according to the authentication key. From the returned comparison result, the authentication module 10 can judge whether the safety device stores the same authentication key as the external device. If the two computed results are the same, the information obtained according to the authentication key has passed authentication and the corresponding security state is set to the authentication-passed state; if the two computed results differ, the information obtained according to the authentication key has failed authentication and the corresponding security state is set to the authentication-failed state.
In an optional implementation, the information obtained according to the authentication key can also be obtained as follows: the external device encrypts a random number that it generates itself to obtain encrypted data, signs the encrypted data with the authentication key to obtain a signature value, and sends the encrypted data together with the signature value to the authentication module 10 of the safety device. After receiving the encrypted data and the signature value, the authentication module 10 calls the underlying driver module 13 to verify the signature value with the authentication key; the verification result is the information obtained according to the authentication key. From the verification result, the authentication module 10 can authenticate the identity of the external device and judge whether the safety device stores the same authentication key as the external device. If signature verification passes, the identity of the external device is legitimate and the information obtained according to the authentication key has passed authentication, and the corresponding security state is set to the authentication-passed state; if signature verification fails, the identity of the external device is illegitimate and the information obtained according to the authentication key has failed authentication, and the corresponding security state is set to the authentication-failed state.
In this embodiment, the underlying driver module 13 verifies the signature value with the authentication key as follows: the underlying driver module 13 decrypts the received signature value with the authentication key to obtain a digest, computes the digest of the received encrypted data with a HASH algorithm, and compares whether the digest obtained by decryption is the same as the computed digest of the encrypted data. If they are the same, verification of the signature value passes; if they differ, verification of the signature value fails.
Using a PIN code or biometric information as the security authentication information verifies the identity of the user of the safety device, prevents the safety device from being misused by others, and ensures the security of the safety device. Using the information obtained according to the authentication key as the security authentication information makes it possible to authenticate the identity of the external device that initiates a key update and to judge whether the safety device stores the corresponding authentication key, ensuring the security of the safety device during the key update process.
As an optional implementation of this embodiment of the present invention, the underlying driver module 13 includes a security algorithm library 131 and/or a file system 132; the calling module 12 being configured to call the underlying driver module 13 when the security state is the authentication-passed state includes: the calling module 12 being configured to call the security algorithm library 131 and/or the file system 132 when the security state is the authentication-passed state.
In this embodiment, the underlying driver module 13 can provide API interfaces for the calling module 12 to call. In a specific implementation, the security algorithm library 131 can encapsulate the algorithm modules for the security algorithms, such as encryption and signing, that the underlying hardware platform provides, and generate the API interface that each security algorithm needs. The calling module 12 calls the security algorithm library 131 through the API interfaces that the library generates.
In this embodiment, the file system 132 can be used to manage the creation, saving, querying, modification and deletion of files. The file system 132 can define the basic file structures and storage modes and provide interfaces for the calling module 12 to call; these interfaces may also be API interfaces. The basic files defined by the file system 132 may be binary files, fixed-length files, variable-length files, circular files, and so on; this embodiment places no specific limitation on this. The file system 132 can also provide the operations on files, which include reading files, writing files, and so on; this embodiment places no specific limitation on this.
The security algorithm library enables the safety device to perform security algorithm computations, and the file system enables the safety device to manage files securely.
Embodiment 2
This embodiment provides an identity card card-reading terminal. As shown in Fig. 2, the identity card card-reading terminal includes the safety device of Embodiment 1. After receiving each instruction, the identity card card-reading terminal provided by this embodiment judges whether the current security state meets the execution requirements of the instruction, and executes the instruction only when it does, ensuring the security of card reading.
It should be noted that the identity card card-reading terminal provided by this embodiment is not equipped with a verification security control module; instead, a module that can decrypt the ciphertext data read from the identity card is placed on the cloud authentication platform, and any user can access the cloud authentication platform through a wired or wireless network to read an identity card.
In this embodiment, the identity card card-reading terminal may also include a communication module 24, which includes at least two interfaces: a card-reading interface 241 and a communication interface 242. The card-reading interface 241 is used to communicate with the identity card; it may be a 14443 interface or another contactless interface, and this embodiment places no limitation on this. The communication interface 242 is used to communicate with the cloud authentication platform. If the communication interface 242 can communicate with the cloud authentication platform directly over a wired or wireless network, the communication interface may be a wireless network interface (for example, a WIFI interface) or a wired network interface. If the communication interface 242 is connected to a host computer and uses the host computer (such as a mobile phone, a PAD (tablet computer) or a PC) to communicate with the cloud authentication platform over a wired or wireless network, the communication interface 242 may be a USB interface, a Bluetooth interface or another interface that can communicate with the host computer; this embodiment places no limitation on this.
In this embodiment, the underlying driver module 13 may also include a communication protocol library 133, which contains the communication protocols that the identity card card-reading terminal needs. The communication protocol library 133 includes at least two classes of communication protocol: the protocol corresponding to the card-reading interface 241 and the protocol corresponding to the communication interface 242. The protocol corresponding to the card-reading interface 241 may be the 14443 communication protocol or the protocol corresponding to another contactless interface; this embodiment places no limitation on this. If the communication interface 242 can communicate with the cloud authentication platform directly over a wired or wireless network, the protocol corresponding to the communication interface 242 is a wireless network interface protocol (for example, the WIFI protocol) or a wired network protocol. If the communication interface 242 is connected to a host computer and uses the host computer (such as a mobile phone, a PAD (tablet computer) or a PC) to communicate with the cloud authentication platform over a wired or wireless network, the protocol corresponding to the communication interface 242 may be the USB protocol or the Bluetooth protocol; this embodiment places no limitation on this.
In a specific implementation, after the card-reading interface 241 in the communication module 24 receives a carrier signal sent by the identity card, the received carrier signal is first converted into a digital instruction through the communication protocol library 133, and the digital instruction is sent to the instruction judgment module 11 for processing. After the card-reading interface 241 of the communication module 24 receives a digital instruction returned by the instruction judgment module 11, it converts the received digital instruction into a carrier signal and sends the carrier signal to the identity card.
Embodiment 3
This embodiment provides a safety control method, which is applied to the safety device of Embodiment 1.
Fig. 3 is a flow chart of the safety control method provided by this embodiment. The method mainly includes the following steps (S301~S304):
S301: receive at least one item of security authentication information and authenticate each item; if authentication passes, set the security state corresponding to the security authentication information that passed to the authentication-passed state; if authentication fails, set the security state corresponding to the security authentication information that failed to the authentication-failed state; store the security state;
In this embodiment, the security state can be represented by a binary string in which each bit represents the security state of one item of security authentication information: bit 1 can indicate that the security authentication information passed authentication and bit 0 that it did not, or bit 0 can indicate that it passed and bit 1 that it did not; this embodiment places no specific limitation on this. After security authentication information is received, the bit corresponding to that information can be set to 1 if authentication passes and to 0 if authentication fails.
As an optional implementation of this embodiment of the present invention, the security authentication information may be a PIN code, biometric information, or information obtained according to an authentication key.
In this embodiment, the PIN code may be a power-on password, a login password, and so on; this embodiment places no specific limitation on this. In a specific implementation, the biometric information may be fingerprint information, face information, voiceprint information, iris information or other information that can represent the uniqueness of an individual.
In an optional implementation, the information obtained according to the authentication key can be obtained as follows: the underlying driver module is called to perform a computation, using the authentication key, on a random number sent by the external device, and the computed result is returned to the external device; the external device performs the computation on the same random number using the corresponding authentication key, compares whether the two computed results are the same, and returns the comparison result. The returned comparison result is the information obtained according to the authentication key. From the returned comparison result, the safety device can judge whether it stores the same authentication key as the external device. If the two computed results are the same, the information obtained according to the authentication key has passed authentication and the corresponding security state is set to the authentication-passed state; if the two computed results differ, the information obtained according to the authentication key has failed authentication and the corresponding security state is set to the authentication-failed state.
In an optional implementation, the information obtained according to the authentication key can also be obtained as follows: the external device encrypts a random number that it generates itself to obtain encrypted data, signs the encrypted data with the authentication key to obtain a signature value, and sends the encrypted data together with the signature value to the safety device. After receiving the encrypted data and the signature value, the safety device calls the underlying driver module to verify the signature value with the authentication key; the verification result is the information obtained according to the authentication key. From the verification result, the identity of the external device can be authenticated and it can be judged whether the safety device stores the same authentication key as the external device. If signature verification passes, the identity of the external device is legitimate and the information obtained according to the authentication key has passed authentication, and the corresponding security state is set to the authentication-passed state; if signature verification fails, the identity of the external device is illegitimate and the information obtained according to the authentication key has failed authentication, and the corresponding security state is set to the authentication-failed state.
In the present embodiment, the detailed description of the invention that bottom layer driving module uses certification double secret key signature value to carry out sign test is: bottom
The signature value driving module to use certification double secret key to receive is decrypted, and is made a summary, and utilizes HASH algorithm to receiving
Encryption data carry out being calculated the summary of encryption data, and compare summary and calculated encryption data that deciphering obtains
Make a summary the most identical, if identical, then the sign test of signature value is passed through, if it is not the same, then the sign test of signature value is not passed through.
Using a PIN code or biometric information as the security authentication information verifies the identity of the user and prevents fraudulent use. Using the information obtained according to the authentication key as the security authentication information makes it possible to authenticate the identity of the external device that initiates a key update and to determine whether the safety device stores the corresponding authentication key, which ensures the security of the safety device during the key update process.
S302: Receive an instruction, look up, according to the instruction, the stored security state corresponding to the instruction, and judge whether the security state is the authentication-passed state;
In this embodiment, the received instruction may be a card-read instruction, a key-update instruction, or the like; this embodiment imposes no specific limitation.
As an optional implementation of this embodiment of the present invention, after the instruction is received, the safety control method further includes: analyzing whether a corresponding instruction or instruction interface exists and, if a corresponding instruction or instruction interface exists, triggering the step of looking up, according to the instruction, the stored security state corresponding to the instruction. In a specific implementation, after an instruction is received, it is first analyzed whether a corresponding instruction or instruction interface exists. If one exists, the received instruction is judged to be a legal instruction, and the stored security state corresponding to the instruction is looked up according to the instruction; if none exists, the received instruction is judged to be an illegal instruction, and the lookup of the security state is refused.
In this embodiment, the security state may be represented by a binary string. After an instruction is received, the stored binary string corresponding to the received instruction is looked up. Once the corresponding binary string is found, it is judged whether the bit in the binary string that represents the security state required to execute the instruction is 1. If that bit is 1, the underlying driver module is called; if it is 0, the call to the underlying driver module is refused.
S303: When the security state is the authentication-passed state, call the underlying driver module;
S304: Receive the response result generated by the underlying driver module in response to the call.
As an optional implementation of this embodiment of the present invention, the underlying driver module includes a security algorithm library and/or a file system; calling the underlying driver module when the security state is the authentication-passed state includes: calling the security algorithm library and/or the file system when the security state is the authentication-passed state.
In this embodiment, the underlying driver module may provide API interfaces to be called. In a specific implementation, the security algorithm library may encapsulate the algorithm modules corresponding to the security algorithms, such as encryption and signing, that the underlying hardware platform provides, and generate the API interface that each security algorithm requires. The security algorithm library is called by calling the API interfaces it generates.
In this embodiment, the file system manages the generation, storage, querying, modification, and deletion of files. In addition, the file system may define the basic file structure and storage mode and provide interfaces to be called; these interfaces may be API interfaces. The files defined by the file system may be binary files, fixed-length files, variable-length files, circular files, and so on, without specific limitation in this embodiment. The file system may also provide the operations on files, which include reading files, writing files, and so on, without specific limitation in this embodiment.
The security algorithm library provided by this embodiment performs the security algorithm computations, and the file system provides secure management of files.
With the safety control method provided by this embodiment, after each instruction is received it is judged whether the current security state meets the execution requirement of the instruction, and the instruction is executed only when the security state meets that requirement, which ensures that instructions are executed securely.
Embodiment 4
This embodiment provides an identity card reading method, which is applied to the identity card card-reading terminal of Embodiment 2.
Fig. 4 is a flowchart of the card reading method provided by this embodiment. The method mainly includes the following steps (S401~S404):
S401: Receive at least one PIN code and authenticate each PIN code; if authentication passes, set the security state corresponding to the PIN code that passed to the authentication-passed state; if authentication fails, set the security state corresponding to the PIN code that failed to the authentication-failed state; store the security state;
In this embodiment, the security state corresponding to the PIN codes may be represented by a binary string, in which each bit represents the security state of the PIN code with one index. In a specific implementation, an 8-bit binary string may represent the security state of the PIN codes: after a PIN code is received, the bit corresponding to that PIN code may be set to 1 if authentication passes and to 0 if authentication fails. For example, 00000001 may represent that authentication of the first PIN code passed, 00000010 that authentication of the second PIN code passed, and 00000100 that authentication of the third PIN code passed; alternatively, 00010000 may represent that authentication of the first PIN code passed, 00100000 that authentication of the second PIN code passed, and 01000000 that authentication of the third PIN code passed. Other representations are also possible, and no limitation is imposed.
S402: Receive an identity card read instruction, look up, according to the identity card read instruction, the stored security state of the PIN code corresponding to the identity card read instruction, and judge whether the security state is the authentication-passed state;
In this embodiment, after an identity card read instruction is received, it may be analyzed whether a corresponding identity card read instruction or identity card read instruction interface exists. If one exists, the received identity card read instruction is judged to be a legal identity card read instruction, and the security state of the PIN code corresponding to the identity card read instruction is looked up according to the legal identity card read instruction. If none exists, the received identity card read instruction is judged to be an illegal identity card read instruction, and the lookup of the security state of the PIN code is refused.
In this embodiment, the security state corresponding to the identity card read instruction may be the security state of one or more PIN codes. In a specific implementation, the security state corresponding to the identity card read instruction may be a binary string representing the security state of the first PIN code, a binary string representing the security state of the second PIN code, or a binary string representing the security states of both the first PIN code and the second PIN code; no limitation is imposed.
After the binary string representing the security state of the PIN codes is found, it is judged whether the bits in the binary string for the security state of the one or more PIN codes required to execute the identity card read instruction are 1.
S403: When the security state is the authentication-passed state, call the underlying driver module;
In this embodiment, when the bits in the binary string for the security state of the one or more PIN codes required to execute the identity card read instruction are 1, the underlying driver module is called; if they are 0, the call to the underlying driver module is refused.
In this embodiment, the underlying driver module may include a communication protocol library. After the identity card read instruction passes the security check, the communication protocol library is called to read the identity card information.
S404: Receive the response result generated by the underlying driver module in response to the call.
In this embodiment, the underlying driver module may also include a file system and a security algorithm library. After the identity card information is read, a key is retrieved from the file system of the underlying driver module, an encryption operation is performed through the security algorithm library to obtain ciphertext, a signature operation is performed to obtain a signature value, and the ciphertext and the signature value are returned.
With the identity card reading method provided by this embodiment, after an identity card read instruction is received, it is first judged whether the security state of the PIN code required to execute the identity card read instruction is the authentication-passed state, and the identity card read instruction is executed only when the security state of the PIN code is the authentication-passed state, which ensures the security of the identity card reading process.
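The per-instruction check of Embodiments 3 and 4 (steps S301 to S304 and S401 to S404) can be sketched as follows. This is an added example, not code from the patent: the class name, the instruction names, the sample PIN codes and the table of required bits are constructed, and the bit layout follows the 00000001 / 00000010 / 00000100 example in the text.

```python
import hmac
from enum import Enum

# Bit layout from the example in the text: one bit per PIN index.
PIN1, PIN2, PIN3 = 0b00000001, 0b00000010, 0b00000100

# Constructed instruction table: instruction -> state bits that must all be 1.
REQUIRED_STATE = {
    "READ_ID_CARD": PIN1,
    "UPDATE_KEY": PIN1 | PIN2,
}


class Outcome(Enum):
    EXECUTED = "executed"
    ILLEGAL_INSTRUCTION = "illegal instruction"
    STATE_NOT_PASSED = "security state not passed"


class SafetyController:
    def __init__(self, reference_pins, driver):
        # reference_pins: bit -> PIN (constructed sample values; a real
        # device would not hold plaintext PIN codes like this).
        self._reference_pins = reference_pins
        self._driver = driver  # stands in for the underlying driver module
        self.state = 0         # all bits 0: nothing authenticated yet

    def authenticate_pin(self, bit, candidate):
        """S401: set the PIN's bit to 1 on success, clear it to 0 on failure."""
        reference = self._reference_pins.get(bit)
        passed = reference is not None and hmac.compare_digest(
            reference.encode(), candidate.encode())
        if passed:
            self.state |= bit
        else:
            self.state &= ~bit & 0xFF
        return passed

    def state_bits(self):
        return format(self.state, "08b")

    def handle(self, instruction):
        """S402 to S404: validate the instruction, check its bits, call the driver."""
        required = REQUIRED_STATE.get(instruction)
        if required is None:
            # No such instruction or interface: refuse before any state lookup.
            return Outcome.ILLEGAL_INSTRUCTION, None
        if (self.state & required) != required:
            # At least one required bit is 0: the driver is never reached.
            return Outcome.STATE_NOT_PASSED, None
        return Outcome.EXECUTED, self._driver(instruction)


def demo():
    calls = []

    def driver(instruction):
        calls.append(instruction)
        return "response:" + instruction

    ctl = SafetyController({PIN1: "1234", PIN2: "5678"}, driver)
    ctl.authenticate_pin(PIN1, "1234")
    names = ("READ_ID_CARD", "UPDATE_KEY", "ERASE_ALL")
    return ctl.state_bits(), [ctl.handle(n)[0] for n in names], calls
```

With only the first PIN code authenticated, the read instruction reaches the driver, the key update is refused because the second PIN's bit is still 0, and the unknown instruction is refused without consulting the state.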
Any process or method described in a flowchart or otherwise described herein may be understood as representing a module, segment, or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process, and the scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including in a substantially simultaneous manner or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that the parts of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, multiple steps or methods may be implemented with software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following technologies well known in the art may be used: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gates, programmable gate arrays (PGA), field-programmable gate arrays (FPGA), and so on.
Those of ordinary skill in the art can understand that all or part of the steps carried by the methods of the above embodiments can be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing module, each unit may exist physically on its own, or two or more units may be integrated into one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented in the form of a software functional module and is sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
In the description of this specification, a description that refers to the terms "an embodiment", "some embodiments", "an example", "a specific example", or "some examples" means that a specific feature, structure, material, or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials, or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it should be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention. Those of ordinary skill in the art may change, modify, replace, and vary the above embodiments within the scope of the present invention without departing from its principle and purpose. The scope of the present invention is defined by the appended claims and their equivalents.
Claims (9)
1. A safety control method, characterized in that the method comprises:
receiving at least one piece of security authentication information and authenticating each piece of security authentication information; if authentication passes, setting the security state corresponding to the security authentication information that passed to the authentication-passed state; if authentication fails, setting the security state corresponding to the security authentication information that failed to the authentication-failed state; and storing the security state;
receiving an instruction, looking up, according to the instruction, the stored security state corresponding to the instruction, and judging whether the security state is the authentication-passed state;
when the security state is the authentication-passed state, calling an underlying driver module;
receiving the response result generated by the underlying driver module in response to the call.
2. The safety control method according to claim 1, characterized in that, after the instruction is received, the method further comprises:
analyzing whether a corresponding instruction or instruction interface exists and, if the corresponding instruction or instruction interface exists, triggering the step of looking up, according to the instruction, the stored security state corresponding to the instruction.
3. The safety control method according to claim 1 or 2, characterized in that the security authentication information is a PIN code, biometric information, or information obtained according to an authentication key.
4. The safety control method according to any one of claims 1-3, characterized in that the underlying driver module comprises a security algorithm library and/or a file system;
calling the underlying driver module when the security state is the authentication-passed state comprises:
calling the security algorithm library and/or the file system when the security state is the authentication-passed state.
5. A safety device, characterized by comprising: an authentication module, an instruction judging module, a calling module, and an underlying driver module;
the authentication module is configured to receive at least one piece of security authentication information and authenticate each piece of security authentication information; if authentication passes, to set the security state corresponding to the security authentication information that passed to the authentication-passed state; if authentication fails, to set the security state corresponding to the security authentication information that failed to the authentication-failed state; and to store the security state;
the instruction judging module is configured to receive an instruction, look up, according to the instruction, the stored security state corresponding to the instruction, and judge whether the security state is the authentication-passed state;
the calling module is configured to call the underlying driver module when the security state is the authentication-passed state, and to receive the response result generated by the underlying driver module in response to the call of the authentication module.
6. The safety device according to claim 5, characterized in that
the instruction judging module is further configured to analyze whether a corresponding instruction or instruction interface exists and, if the corresponding instruction or instruction interface exists, to trigger the step of looking up, according to the instruction, the stored security state corresponding to the instruction.
7. The safety device according to claim 5 or 6, characterized in that the security authentication information is a PIN code, biometric information, or information obtained according to an authentication key.
8. The safety device according to any one of claims 5-7, characterized in that the underlying driver module comprises a security algorithm library and/or a file system;
the calling module being configured to call the underlying driver module when the security state is the authentication-passed state comprises:
the calling module being configured to call the security algorithm library and/or the file system when the security state is the authentication-passed state.
9. An identity card card-reading terminal, characterized by comprising the safety device according to any one of claims 5 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610041106.5A CN106022033B (en) | 2016-01-21 | 2016-01-21 | A kind of method of controlling security, safety device and identity card card-reading terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106022033A (en) | 2016-10-12 |
CN106022033B (en) | 2019-06-28 |
Family ID=57082689
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610041106.5A Active CN106022033B (en) | 2016-01-21 | 2016-01-21 | A kind of method of controlling security, safety device and identity card card-reading terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106022033B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103107985A (en) * | 2012-12-04 | 2013-05-15 | 百度在线网络技术(北京)有限公司 | Cloud terminal authentication method, system and device |
US20130159733A1 (en) * | 2011-12-16 | 2013-06-20 | Jae-Bum Lee | Memory device which protects secure data, method of operating the memory device, and method of generating authentication information |
CN103226703A (en) * | 2013-05-11 | 2013-07-31 | 青岛科技大学 | Identity authentication and management system based on biological feature identification technology |
Also Published As
Publication number | Publication date |
---|---|
CN106022033B (en) | 2019-06-28 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20220413. Address after: Tiantianrong building, No. 1, Zhongguancun, Beiqing Road, Haidian District, Beijing 100094. Patentee after: TENDYRON Corp. Address before: 100086 room 603, building 12, taiyueyuan, Haidian District, Beijing. Patentee before: Li Ming |