CN106022033A - Safety control method, safety device, and identity card card-reading terminal - Google Patents

Info

Publication number
CN106022033A
Authority
CN
China
Prior art keywords
instruction
certification
safe condition
state
passed
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610041106.5A
Other languages
Chinese (zh)
Other versions
CN106022033B (en)
Inventor
李明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tendyron Corp
Original Assignee
李明
Application filed by 李明
Priority to CN201610041106.5A
Publication of CN106022033A
Application granted
Publication of CN106022033B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a safety control method, a safety device, and an identity card card-reading terminal. The safety control method comprises: receiving at least one piece of security authentication information and authenticating each piece; if authentication passes, setting the security state corresponding to that security authentication information to the authentication-passed state; if authentication fails, setting the security state corresponding to that security authentication information to the authentication-failed state; storing the security state; receiving an instruction, looking up the stored security state corresponding to the instruction, and determining whether that security state is the authentication-passed state; when the security state is the authentication-passed state, calling an underlying driver module; and receiving the response result that the underlying driver module generates in response to the call, so that the instruction is executed securely.

Description

Safety control method, safety device, and identity card card-reading terminal
Technical field
The present invention relates to the field of electronic technology, and in particular to a safety control method, a safety device, and an identity card card-reading terminal.
Background art
In the prior art, after an electronic device receives an operation instruction, it directly calls the system layer to perform the corresponding operation, without confirming whether the device's current security environment at the time the instruction is received meets the execution requirements of the instruction. As a result, the electronic device can still perform sensitive operations in an insecure state, and so cannot meet security requirements in use.
Summary of the invention
The present invention aims to solve the above problem.
An object of the present invention is to provide a safety control method.
Another object of the present invention is to provide a safety device.
Another object of the present invention is to provide an identity card card-reading terminal.
To achieve the above objects, the technical solution of the present invention is implemented as follows:
One aspect of the present invention provides a safety control method, including: receiving at least one piece of security authentication information and authenticating each piece; if authentication passes, setting the security state corresponding to the security authentication information that passed to the authentication-passed state; if authentication fails, setting the security state corresponding to the security authentication information that failed to the authentication-failed state; storing the security state; receiving an instruction, looking up the stored security state corresponding to the instruction according to the instruction, and judging whether the security state is the authentication-passed state; when the security state is the authentication-passed state, calling the underlying driver module; and receiving the response result that the underlying driver module generates in response to the call.
Optionally, after the instruction is received, the method further includes: analyzing whether a corresponding instruction or instruction interface exists and, if one exists, triggering the step of looking up the stored security state corresponding to the instruction according to the instruction.
Optionally, the security authentication information is a PIN code, biometric information, or information obtained according to an authentication key.
Optionally, the underlying driver module includes a security algorithm library and/or a file system; calling the underlying driver module when the security state is the authentication-passed state includes: calling the security algorithm library and/or the file system when the security state is the authentication-passed state.
Another aspect of the present invention provides a safety device, including an authentication module, an instruction judging module, a calling module, and an underlying driver module. The authentication module is configured to receive at least one piece of security authentication information and authenticate each piece; if authentication passes, to set the security state corresponding to the security authentication information that passed to the authentication-passed state; if authentication fails, to set the security state corresponding to the security authentication information that failed to the authentication-failed state; and to store the security state. The instruction judging module is configured to receive an instruction, look up the stored security state corresponding to the instruction according to the instruction, and judge whether the security state is the authentication-passed state. The calling module is configured to call the underlying driver module when the security state is the authentication-passed state, and to receive the response result that the underlying driver module generates in response to the call of the authentication module.
Optionally, the instruction judging module is further configured to analyze whether a corresponding instruction or instruction interface exists and, if one exists, to trigger the step of looking up the stored security state corresponding to the instruction according to the instruction.
Optionally, the security authentication information is a PIN code, biometric information, or information obtained according to an authentication key.
Optionally, the underlying driver module includes a security algorithm library and/or a file system; the calling module being configured to call the underlying driver module when the security state is the authentication-passed state includes: the calling module being configured to call the security algorithm library and/or the file system when the security state is the authentication-passed state.
Another aspect of the present invention provides an identity card card-reading terminal that includes the above safety device.
As can be seen from the technical solution provided above, the present invention provides a safety control method, a safety device, and an identity card card-reading terminal. After the safety device receives each instruction, it first judges whether the current security state meets the execution requirements of the instruction, and allows the instruction to execute only when the security state meets those requirements, ensuring that instructions are executed only in a secure environment.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of the safety device provided by Embodiment 1 of the present invention;
Fig. 2 is a schematic structural diagram of the identity card card-reading terminal provided by Embodiment 2 of the present invention;
Fig. 3 is a flowchart of the safety control method provided by Embodiment 3 of the present invention;
Fig. 4 is a flowchart of the identity card reading method provided by Embodiment 4 of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the description of the present invention, it should be understood that orientation or position terms such as "center", "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings. They are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore cannot be understood as limiting the present invention. In addition, the terms "first" and "second" are used for descriptive purposes only and cannot be understood as indicating or implying relative importance, quantity or position.
In the description of the present invention, it should be noted that, unless otherwise clearly specified and limited, the terms "installed", "coupled" and "connected" should be interpreted broadly. For example, a connection may be fixed, detachable, or integral; it may be mechanical or electrical; it may be direct, indirect through an intermediary, or an internal connection between two elements. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific situation.
The embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment 1
This embodiment provides a safety device. As shown in Fig. 1, the safety device includes: authentication module 10, instruction judging module 11, calling module 12, and underlying driver module 13.
In this embodiment, the working principle of each module is as follows.
Authentication module 10 is configured to receive at least one piece of security authentication information and authenticate each piece; if authentication passes, to set the security state corresponding to the security authentication information that passed to the authentication-passed state; if authentication fails, to set the security state corresponding to the security authentication information that failed to the authentication-failed state; and to store the security state. Instruction judging module 11 is configured to receive an instruction, look up the stored security state corresponding to the instruction according to the instruction, and judge whether the security state is the authentication-passed state. Calling module 12 is configured to call underlying driver module 13 when the security state is the authentication-passed state, and to receive the response result that underlying driver module 13 generates in response to the call of the authentication module.
After receiving each instruction, the safety device provided by this embodiment judges whether the current security state meets the execution requirements of the instruction, and executes the instruction only if the security state meets those requirements, ensuring that the safety device is used securely.
In this embodiment, the security state may be represented by a binary string in which each bit represents the security state of one piece of security authentication information; bit 1 may indicate that the security authentication information passed authentication, and bit 0 that it failed. After authentication module 10 receives security authentication information, it may set the bit corresponding to that information to 1 if authentication passes, and to 0 if authentication fails. After instruction judging module 11 receives an instruction, it looks up the stored binary string corresponding to the received instruction; having found it, it judges whether the bit in the binary string that represents the security state the instruction needs for execution is 1. If it is 1, calling module 12 calls underlying driver module 13; if it is 0, calling module 12 is refused the call to underlying driver module 13. Of course, in this embodiment bit 0 may instead indicate that authentication passed and bit 1 that it failed; this is not specifically limited in this embodiment.
In this embodiment, the instruction received by instruction judging module 11 may be a card-reading instruction, a key update instruction, and so on; this is not specifically limited in this embodiment.
As an optional implementation of this embodiment, instruction judging module 11 is further configured to analyze whether a corresponding instruction or instruction interface exists and, if one exists, to trigger the step of looking up the stored security state corresponding to the instruction according to the instruction. In a specific implementation, after receiving an instruction, instruction judging module 11 may analyze whether a corresponding instruction or instruction interface exists. If one exists, instruction judging module 11 judges the received instruction to be a legal instruction and looks up the stored security state corresponding to the received instruction. If none exists, instruction judging module 11 judges the received instruction to be an illegal instruction and refuses to look up the security state corresponding to the instruction.
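The gate described in this embodiment, as an added example that is not code from the patent: one state bit per kind of security authentication information, an instruction table that names the bits each instruction requires, and refusal of instructions that have no table entry. The bit positions, instruction names and `DemoDriver` are assumptions made for the illustration.

```python
# Added example: a model of the instruction gate in Embodiment 1.
# Bit positions, instruction names and DemoDriver are assumptions.

PIN = 1 << 0        # PIN code authenticated
BIOMETRIC = 1 << 1  # biometric information authenticated
AUTH_KEY = 1 << 2   # information obtained according to the authentication key


class IllegalInstruction(Exception):
    """No corresponding instruction or instruction interface exists."""


class SecurityStateNotMet(Exception):
    """A bit the instruction requires is 0 (authentication-failed)."""


class DemoDriver:
    """Stands in for underlying driver module 13; records every call."""

    def __init__(self):
        self.calls = []

    def read_card(self):
        self.calls.append("read_card")
        return "card-data"

    def update_key(self, new_key):
        self.calls.append("update_key")
        return "key-updated"


class SafetyDevice:
    # Instruction -> (bits that must be 1, driver method to call).
    TABLE = {
        "READ_CARD": (PIN, "read_card"),
        "UPDATE_KEY": (PIN | AUTH_KEY, "update_key"),
    }

    def __init__(self, driver):
        self.state = 0          # stored security state; every bit starts at 0
        self.driver = driver

    def record_auth(self, bit, passed):
        """Authentication module 10: set the bit to 1 on pass, 0 on failure."""
        if passed:
            self.state |= bit
        else:
            self.state &= ~bit  # a failed attempt also clears an earlier pass

    def execute(self, instruction, *args):
        """Instruction judging module 11, then calling module 12."""
        entry = self.TABLE.get(instruction)
        if entry is None:                         # illegal: refuse the lookup
            raise IllegalInstruction(instruction)
        required, method = entry
        if (self.state & required) != required:   # every required bit must be 1
            missing = required & ~self.state
            raise SecurityStateNotMet(f"{instruction}: missing bits {missing:03b}")
        return getattr(self.driver, method)(*args)


def try_execute(device, instruction, *args):
    """Return the driver's response, or the name of the refusal."""
    try:
        return device.execute(instruction, *args)
    except (IllegalInstruction, SecurityStateNotMet) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    dev = SafetyDevice(DemoDriver())
    print(try_execute(dev, "READ_CARD"))                       # refused
    dev.record_auth(PIN, True)
    print(try_execute(dev, "READ_CARD"))                       # allowed
    print(try_execute(dev, "UPDATE_KEY", b"constructed-key"))  # refused
    print(try_execute(dev, "ERASE_ALL"))                       # illegal
```

The driver's call log stays empty for every refused instruction, which is the property to check when testing a gate of this kind.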
As an optional implementation of this embodiment, the security authentication information may be a PIN code, biometric information, or information obtained according to an authentication key.
In this embodiment, the PIN code may be a power-on password, a login password, and so on; this is not specifically limited in this embodiment. In a specific implementation, the biometric information may be fingerprint information, face information, voiceprint information, iris information, or other information that can represent the uniqueness of an individual.
In an optional implementation, the information obtained according to the authentication key may be obtained as follows: authentication module 10 calls underlying driver module 13 to perform a calculation, using the authentication key, on a random number sent by the external device, and returns the calculation result to the external device; the external device performs a calculation on the same random number using the corresponding authentication key, compares whether the two calculation results are the same, and returns the comparison result to authentication module 10. The returned comparison result is the information obtained according to the authentication key. From the returned comparison result, authentication module 10 can judge whether the safety device stores the same authentication key as the external device. If the two calculation results are the same, the information obtained according to the authentication key passes authentication, and the corresponding security state is set to the authentication-passed state; if the two calculation results differ, the information obtained according to the authentication key fails authentication, and the corresponding security state is set to the authentication-failed state.
In an optional implementation, the information obtained according to the authentication key may also be obtained as follows: the external device encrypts a random number that it generates itself to obtain encrypted data, signs the encrypted data using the authentication key to obtain a signature value, and sends the encrypted data together with the signature value to authentication module 10 of the safety device. After authentication module 10 receives the encrypted data and the signature value, it calls underlying driver module 13 to verify the signature value using the authentication key; the verification result is the information obtained according to the authentication key. From the verification result, authentication module 10 can authenticate the identity of the external device and judge whether the safety device stores the same authentication key as the external device. If verification passes, the identity of the external device is legal and the information obtained according to the authentication key passes authentication, and the corresponding security state is set to the authentication-passed state; if verification fails, the identity of the external device is illegal and the information obtained according to the authentication key fails authentication, and the corresponding security state is set to the authentication-failed state.
In this embodiment, underlying driver module 13 verifies the signature value using the authentication key as follows: underlying driver module 13 decrypts the received signature value using the authentication key to obtain a digest, computes the digest of the received encrypted data using a HASH algorithm, and compares whether the digest obtained by decryption is the same as the computed digest of the encrypted data. If they are the same, verification of the signature value passes; if they are not the same, verification of the signature value fails.
Using a PIN code or biometric information as the security authentication information verifies the identity of the user of the safety device, prevents the safety device from being misused by others, and ensures the security of the safety device. Using the information obtained according to the authentication key as the security authentication information makes it possible to authenticate the identity of the external device that initiates a key update and to judge whether the safety device stores the corresponding authentication key, ensuring the security of the safety device during the key update.
As an optional implementation of this embodiment, underlying driver module 13 includes security algorithm library 131 and/or file system 132; calling module 12 being configured to call underlying driver module 13 when the security state is the authentication-passed state includes: calling module 12 being configured to call security algorithm library 131 and/or file system 132 when the security state is the authentication-passed state.
In this embodiment, underlying driver module 13 may provide API interfaces for calling module 12 to call. In a specific implementation, security algorithm library 131 may encapsulate the algorithm modules corresponding to the security algorithms, such as encryption and signing, that the underlying hardware platform provides, and generate the API interface that each security algorithm needs. Calling module 12 calls security algorithm library 131 by calling the API interfaces that the library generates. The API interfaces generated by security algorithm library 131 are available for calling module 12 to call.
In this embodiment, file system 132 may be used to manage the creation, saving, querying, modification and deletion of files. File system 132 may define the basic file structures and storage modes, and provide interfaces for calling module 12 to call. The interfaces in file system 132 that calling module 12 calls may also be API interfaces. The basic files defined by file system 132 may be binary files, fixed-length files, variable-length files, cyclic files, and so on; this is not specifically limited in this embodiment. File system 132 may also provide the operations on files, which include reading a file, writing a file, and so on; this is not specifically limited in this embodiment.
The security algorithm library enables the safety device to perform security algorithm calculations, and the file system enables the safety device to manage files securely.
Embodiment 2
This embodiment provides an identity card card-reading terminal. As shown in Fig. 2, the identity card card-reading terminal includes the safety device of Embodiment 1. After receiving each instruction, the identity card card-reading terminal provided by this embodiment judges whether the current security state meets the execution requirements of the instruction, and executes the instruction only if the security state meets those requirements, ensuring the security of card reading.
It should be noted that the identity card card-reading terminal provided by this embodiment is not provided with a verification security control module; instead, a module that can decrypt the ciphertext data read from the identity card is set up in the cloud authentication platform, and any user can access the cloud authentication platform through a wired or wireless network to read an identity card.
In this embodiment, the identity card card-reading terminal may also include communication module 24, which includes at least two interfaces: card reading interface 241 and communication interface 242. Card reading interface 241 is used to communicate with the identity card; it may be a 14443 interface or another contactless interface, which is not limited in this embodiment. Communication interface 242 is used to communicate with the cloud authentication platform. If communication interface 242 can communicate with the cloud authentication platform directly through a wired or wireless network, the communication interface may be a wireless network interface (for example, a WIFI interface) or a wired network interface. If communication interface 242 is connected to a host computer (such as a mobile phone, a PAD (tablet computer) or a PC) and uses the host computer to communicate with the cloud authentication platform through a wired or wireless network, communication interface 242 may be a USB interface, a Bluetooth interface, or another interface that can communicate with the host computer, which is not limited in this embodiment.
In this embodiment, underlying driver module 13 may also include communication protocol library 133, which contains the communication protocols that the identity card card-reading terminal needs. Communication protocol library 133 includes at least two classes of communication protocol: the communication protocol corresponding to card reading interface 241 and the communication protocol corresponding to communication interface 242. The communication protocol corresponding to card reading interface 241 may be the 14443 communication protocol or the communication protocol corresponding to another contactless interface, which is not limited in this embodiment. If communication interface 242 can communicate with the cloud authentication platform directly through a wired or wireless network, the communication protocol corresponding to communication interface 242 is a wireless network interface communication protocol (for example, the WIFI protocol) or a wired network protocol. If communication interface 242 is connected to a host computer (such as a mobile phone, a PAD (tablet computer) or a PC) and uses the host computer to communicate with the cloud authentication platform through a wired or wireless network, the communication protocol corresponding to communication interface 242 may be the USB protocol or the Bluetooth protocol, which is not limited in this embodiment.
In a specific implementation, after card reading interface 241 in communication module 24 receives the carrier signal sent by the identity card, the received carrier signal is first converted into a digital instruction through communication protocol library 133, and the digital instruction is sent to instruction judging module 11 for processing. After card reading interface 241 of communication module 24 receives the digital instruction returned by instruction judging module 11, it converts the received digital instruction into a carrier signal and sends the carrier signal to the identity card.
Embodiment 3
This embodiment provides a safety control method, which is applied to the safety device of Embodiment 1.
Fig. 3 is a flowchart of the safety control method provided by this embodiment. The method mainly includes the following steps (S301 to S304):
S301: receive at least one piece of security authentication information and authenticate each piece; if authentication passes, set the security state corresponding to the security authentication information that passed to the authentication-passed state; if authentication fails, set the security state corresponding to the security authentication information that failed to the authentication-failed state; store the security state;
In this embodiment, the security state may be represented by a binary string in which each bit represents the security state of one piece of security authentication information. Bit 1 may indicate that the security authentication information passed authentication and bit 0 that it failed, or bit 0 may indicate that it passed and bit 1 that it failed; this is not specifically limited in this embodiment. After security authentication information is received, the bit corresponding to that information may be set to 1 if authentication passes, and to 0 if authentication fails.
As an optional implementation of this embodiment, the security authentication information may be a PIN code, biometric information, or information obtained according to an authentication key.
In this embodiment, the PIN code may be a power-on password, a login password, and so on; this is not specifically limited in this embodiment. In a specific implementation, the biometric information may be fingerprint information, face information, voiceprint information, iris information, or other information that can represent the uniqueness of an individual.
In an optional implementation, the information obtained according to the authentication key may be obtained as follows: the underlying driver module is called to perform a calculation, using the authentication key, on a random number sent by the external device, and the calculation result is returned to the external device; the external device performs a calculation on the same random number using the corresponding authentication key, compares whether the two calculation results are the same, and returns the comparison result. The returned comparison result is the information obtained according to the authentication key. From the returned comparison result, the safety device can judge whether it stores the same authentication key as the external device: if the two calculation results are the same, the information obtained according to the authentication key passes authentication, and the corresponding security state is set to the authentication-passed state; if the two calculation results differ, the information obtained according to the authentication key fails authentication, and the corresponding security state is set to the authentication-failed state.
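The random-number exchange described here and in Embodiment 1, as an added example that is not code from the patent, with both sides' messages modelled. HMAC-SHA256 stands in for the calculation the text leaves unspecified; the class names, the bit position and the 16-byte challenge length are assumptions.

```python
# Added example: the random-number exchange with both sides modelled.
# HMAC-SHA256 is an assumed stand-in for "calculation with the authentication key".
import hashlib
import hmac
import secrets

AUTH_KEY_BIT = 1 << 2   # bit position is an assumption of this example


def keyed_calc(key: bytes, challenge: bytes) -> bytes:
    """The calculation both sides perform on the same random number."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class ExternalDevice:
    """Issues the random number and compares the two calculation results."""

    def __init__(self, key: bytes):
        self._key = key
        self._challenge = None

    def new_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(16)   # fresh for every exchange
        return self._challenge

    def check(self, response: bytes) -> bool:
        if self._challenge is None:                 # nothing outstanding
            return False
        expected = keyed_calc(self._key, self._challenge)
        self._challenge = None                      # a challenge is single-use
        return hmac.compare_digest(expected, response)  # constant-time compare


class AuthModule:
    """Safety-device side: answers the challenge, then records the verdict."""

    def __init__(self, key: bytes):
        self._key = key
        self.state = 0

    def respond(self, challenge: bytes) -> bytes:
        # In the patent this calculation is done by the underlying driver module.
        return keyed_calc(self._key, challenge)

    def record_result(self, same: bool) -> None:
        if same:
            self.state |= AUTH_KEY_BIT      # authentication-passed state
        else:
            self.state &= ~AUTH_KEY_BIT     # authentication-failed state


def run_exchange(device: AuthModule, external: ExternalDevice) -> bool:
    """One full exchange; returns True if the state bit ends up set."""
    challenge = external.new_challenge()    # external device -> safety device
    response = device.respond(challenge)    # safety device -> external device
    same = external.check(response)         # comparison on the external device
    device.record_result(same)              # comparison result -> safety device
    return bool(device.state & AUTH_KEY_BIT)


if __name__ == "__main__":
    key = bytes(range(32))                  # constructed sample key
    print(run_exchange(AuthModule(key), ExternalDevice(key)))         # True
    print(run_exchange(AuthModule(key), ExternalDevice(b"\x00" * 32)))  # False
```

Because the challenge is fresh and single-use, a response captured from one exchange does not match the next one.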
In an optional implementation, the information obtained according to the authentication key can also be obtained as follows: the external device encrypts a random number that it generates itself to obtain encrypted data, signs the encrypted data with the authentication key to obtain a signature value, and sends the encrypted data to the safety device together with the signature value. After receiving the encrypted data and the signature value, the safety device calls the underlying driver module to verify the signature value using the authentication key; the verification result is the information obtained according to the authentication key. From the verification result, the identity of the external device can be authenticated and it can be determined whether the safety device stores the same authentication key as the external device. If signature verification passes, the identity of the external device is legitimate and the information obtained according to the authentication key has passed authentication, and the corresponding security state is set to the authentication-passed state; if signature verification does not pass, the identity of the external device is illegitimate and the information obtained according to the authentication key has not passed authentication, and the corresponding security state is set to the authentication-failed state.
In this embodiment, the underlying driver module verifies the signature value with the authentication key as follows: the underlying driver module decrypts the received signature value with the authentication key to obtain a digest, computes the digest of the received encrypted data with a hash algorithm, and compares the digest obtained by decryption with the computed digest of the encrypted data. If they are identical, verification of the signature value passes; if they differ, verification of the signature value does not pass.
Using a PIN code or biometric information as the security authentication information verifies the user's identity and prevents unauthorized use. Using the information obtained according to the authentication key as the security authentication information makes it possible to authenticate the identity of the external device that initiates a key update and to determine whether the safety device stores the corresponding authentication key, which ensures the security of the safety device during the key update process.
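The first key-based exchange described above (both sides calculate over the same random number and the external device returns the comparison result) can be sketched as follows. This is an added example, not code from the patent; HMAC-SHA256 as the calculation, the class and function names, the single-use handling of the random number and the key values are assumptions.

```python
import hashlib
import hmac
import secrets


def keyed_result(auth_key: bytes, random_number: bytes) -> bytes:
    # Assumption: the text does not name the calculation; HMAC-SHA256 stands in for it.
    return hmac.new(auth_key, random_number, hashlib.sha256).digest()


class ExternalDevice:
    """Side that sends the random number and compares the two results."""

    def __init__(self, auth_key: bytes):
        self._auth_key = auth_key
        self._pending = None  # random number still waiting for a result

    def send_random_number(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def compare(self, device_result: bytes) -> bool:
        if self._pending is None:
            return False  # no outstanding random number to compare against
        expected = keyed_result(self._auth_key, self._pending)
        self._pending = None  # one result per random number
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, device_result)


class SafetyDevice:
    """Side that calculates over the random number and stores the state."""

    def __init__(self, auth_key: bytes):
        self._auth_key = auth_key
        self.key_auth_passed = False  # security state for the key-derived information

    def calculate(self, random_number: bytes) -> bytes:
        return keyed_result(self._auth_key, random_number)

    def store_comparison_result(self, same: bool) -> None:
        self.key_auth_passed = bool(same)


def run_exchange(device: SafetyDevice, external: ExternalDevice):
    random_number = external.send_random_number()
    result = device.calculate(random_number)
    device.store_comparison_result(external.compare(result))
    return device.key_auth_passed, result


def demo():
    # Constructed keys, for illustration only.
    key = b"constructed-shared-key-000000001"
    other = b"constructed-other-key-0000000002"
    external = ExternalDevice(key)
    same_key, old_result = run_exchange(SafetyDevice(key), external)
    different_key, _ = run_exchange(SafetyDevice(other), external)
    external.send_random_number()             # a fresh random number is outstanding
    replayed = external.compare(old_result)   # an earlier result no longer matches
    return same_key, different_key, replayed


if __name__ == "__main__":
    print(demo())
```

Because the result is bound to a fresh random number, a result captured from an earlier exchange does not pass a later comparison.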
S302: receive an instruction, look up the stored security state corresponding to the instruction according to the instruction, and judge whether the security state is the authentication-passed state;
In this embodiment, the received instruction can be a card-reading instruction, a key update instruction, and so on; no specific limitation is made in this embodiment.
As an optional implementation of this embodiment of the invention, after the instruction is received, the safety control method further includes: analyzing whether a corresponding instruction or instruction interface exists and, if a corresponding instruction or instruction interface exists, triggering the step of looking up the stored security state corresponding to the instruction according to the instruction. In a specific implementation, after an instruction is received, it is first analyzed whether a corresponding instruction or instruction interface exists. If one exists, the received instruction is judged to be a legal instruction and the stored security state corresponding to the instruction is looked up according to the instruction; if none exists, the received instruction is judged to be an illegal instruction and the security-state lookup is refused.
In this embodiment, the security state can be represented by a binary string. After an instruction is received, the stored binary string corresponding to the received instruction is looked up. Once the corresponding binary string is found, it is judged whether the bit in the binary string that represents the security state required to execute the instruction is 1. If that bit is 1, the underlying driver module is called; if it is 0, the call to the underlying driver module is refused.
S303: when the security state is the authentication-passed state, call the underlying driver module;
S304: receive the response result generated by the underlying driver module in response to the call.
As an optional implementation of this embodiment of the invention, the underlying driver module includes a security algorithm library and/or a file system; calling the underlying driver module when the security state is the authentication-passed state includes: calling the security algorithm library and/or the file system when the security state is the authentication-passed state.
In this embodiment, the underlying driver module can provide API interfaces for calling. In a specific implementation, the security algorithm library can encapsulate the algorithm modules for the security algorithms, such as encryption and signing, that the underlying hardware platform provides, and generate the API interface that each security algorithm needs. The security algorithm library is called through the API interfaces it generates.
In this embodiment, the file system manages the generation, saving, querying, modification, deletion, and so on of files. In addition, the file system can define the basic file structures and storage modes and provide interfaces for calling; these interfaces can be API interfaces. The files defined by the file system can be binary files, fixed-length files, variable-length files, cyclic files, and so on; no specific limitation is made in this embodiment. The file system can also provide the modes of operation on files, which include reading files, writing files, and so on; no specific limitation is made in this embodiment.
The security algorithm library provided by this embodiment can perform security algorithm calculations, and the file system can manage files securely.
With the safety control method provided by this embodiment, after each instruction is received it is judged whether the current security state meets the execution requirement of the instruction, and the instruction is executed only when the security state meets that requirement, which ensures that instructions are executed securely.
Embodiment 4
This embodiment provides an identity card reading method, which is applied to the identity card card-reading terminal of Embodiment 2.
Fig. 4 is a flowchart of the card reading method provided by this embodiment. The method mainly includes the following steps (S401~S404):
S401: receive at least one PIN code and authenticate each PIN code; if authentication passes, set the security state corresponding to the PIN code that passed to the authentication-passed state; if authentication does not pass, set the security state corresponding to the PIN code that did not pass to the authentication-failed state; store the security state;
In this embodiment, the security state corresponding to the PIN codes can be represented by a binary string in which each bit represents the security state of the PIN code of one index. In a specific implementation, an 8-bit binary string can represent the security state of the PIN codes: after a PIN code is received, the bit corresponding to that PIN code can be set to 1 if authentication passes and to 0 if authentication does not pass. For example, 00000001 can indicate that the first PIN code passed authentication, 00000010 that the second PIN code passed, and 00000100 that the third PIN code passed; alternatively, 00010000 can indicate that the first PIN code passed authentication, 00100000 that the second PIN code passed, and 01000000 that the third PIN code passed. Other representations are also possible; no limitation is made here.
S402: receive an identity card reading instruction, look up, according to the identity card reading instruction, the stored security state of the PIN code corresponding to the identity card reading instruction, and judge whether the security state is the authentication-passed state;
In this embodiment, after an identity card reading instruction is received, it can be analyzed whether a corresponding identity card reading instruction or identity card reading instruction interface exists. If one exists, the received identity card reading instruction is judged to be a legal identity card reading instruction, and the security state of the PIN code corresponding to the identity card reading instruction is looked up according to the legal identity card reading instruction; if none exists, the received identity card reading instruction is judged to be an illegal identity card reading instruction, and the lookup of the security state of the PIN code is refused.
In this embodiment, the security state corresponding to the identity card reading instruction can be the security state of one or more PIN codes. In a specific implementation, the security state corresponding to the identity card reading instruction can be a binary string representing the security state of the first PIN code, a binary string representing the security state of the second PIN code, or a binary string representing the security states of both the first PIN code and the second PIN code; no limitation is made here. After the binary string representing the security state of the PIN codes is found, it is judged whether the bits in the binary string for the security state of the one or more PIN codes required to execute the identity card reading instruction are 1.
S403: when the security state is the authentication-passed state, call the underlying driver module;
In this embodiment, when the bits in the binary string for the security state of the one or more PIN codes required to execute the identity card reading instruction are 1, the underlying driver module is called; if they are 0, the call to the underlying driver module is refused.
In this embodiment, the underlying driver module can include a communication protocol library. After the identity card reading instruction passes the security check, the communication protocol library is called to read the identity card information.
S404: receive the response result generated by the underlying driver module in response to the call.
In this embodiment, the underlying driver module can also include a file system and a security algorithm library. After the identity card information is read, a key is retrieved from the file system of the underlying driver module, the security algorithm library performs an encryption operation to obtain ciphertext and a signature operation to obtain a signature value, and the ciphertext and the signature value are returned.
With the identity card reading method provided by this embodiment, after an identity card reading instruction is received, it is first judged whether the security state of the PIN code required to execute the identity card reading instruction is authentication passed, and the identity card reading instruction is executed only when the security state of the PIN code is authentication passed, which ensures the security of the identity card reading process.
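The control flow of steps S301 to S304 and of steps S401 to S404 (store one state bit per item of security authentication information, check that the instruction exists, compare the stored bits with what the instruction requires, and only then call the underlying driver module) can be sketched as follows. This is an added example, not code from the patent; the instruction names, the bit chosen for the key-based authentication, the requirement table, the PIN values and the driver stubs are assumptions constructed for illustration.

```python
import hmac

# One bit per item of security authentication information (8-bit state string).
PIN1 = 0b00000001      # first PIN code, as in the 00000001 example in the text
PIN2 = 0b00000010      # second PIN code
KEY_AUTH = 0b00001000  # assumed bit for the information obtained from the authentication key

# Security state each instruction requires. Names and requirements are hypothetical.
# An instruction missing from this table has no instruction interface and is illegal.
REQUIRED_STATE = {
    "READ_ID_CARD": PIN1,
    "UPDATE_KEY": PIN1 | KEY_AUTH,
}


class SafetyDevice:
    def __init__(self, reference_pins, driver):
        self._reference_pins = reference_pins  # bit -> reference PIN bytes (constructed)
        self._driver = driver                  # instruction -> underlying driver call
        self.state = 0                         # stored security state, nothing passed yet

    def _store(self, bit, passed):
        # Set the bit on a pass, clear it on a failure, and keep the state 8 bits wide.
        self.state = (self.state | bit) if passed else (self.state & ~bit & 0xFF)

    def authenticate_pin(self, bit, pin):
        reference = self._reference_pins.get(bit)
        passed = reference is not None and hmac.compare_digest(reference, pin)
        self._store(bit, passed)
        return passed

    def store_key_auth(self, passed):
        self._store(KEY_AUTH, bool(passed))

    def state_string(self):
        return format(self.state, "08b")

    def handle(self, instruction):
        required = REQUIRED_STATE.get(instruction)
        call = self._driver.get(instruction)
        if required is None or call is None:
            return ("REFUSED", "illegal instruction")          # no state lookup at all
        if (self.state & required) != required:
            return ("REFUSED", "security state not passed")    # driver is never called
        return ("OK", call())                                  # response result of the call


def make_demo_device():
    # Constructed driver stubs and PIN values, for illustration only.
    driver = {
        "READ_ID_CARD": lambda: "constructed identity card data",
        "UPDATE_KEY": lambda: "key updated",
    }
    return SafetyDevice({PIN1: b"135790", PIN2: b"246802"}, driver)


if __name__ == "__main__":
    device = make_demo_device()
    print(device.handle("READ_ID_CARD"))       # refused: no PIN has passed yet
    device.authenticate_pin(PIN1, b"135790")
    print(device.state_string(), device.handle("READ_ID_CARD"))
```

A failed re-authentication clears the bit again, so an instruction that was allowed a moment earlier is refused afterwards.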
Any process or method description in a flowchart, or otherwise described herein, can be understood as representing a module, segment, or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that each part of the present invention can be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, multiple steps or methods can be implemented with software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following technologies well known in the art can be used: a discrete logic circuit having logic gates for implementing logic functions on data signals, an application-specific integrated circuit having suitable combinational logic gates, a programmable gate array (PGA), a field-programmable gate array (FPGA), and so on.
Those of ordinary skill in the art can understand that all or part of the steps carried by the methods of the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, includes one of the steps of the method embodiments or a combination thereof.
In addition, the functional units in the embodiments of the present invention can be integrated in one processing module, each unit can exist physically on its own, or two or more units can be integrated in one module. The integrated module can be implemented in the form of hardware or in the form of a software function module. If the integrated module is implemented in the form of a software function module and is sold or used as an independent product, it can also be stored in a computer-readable storage medium.
The storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, or the like.
In the description of this specification, a description referring to the terms "an embodiment", "some embodiments", "an example", "a specific example", or "some examples" means that the specific feature, structure, material, or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials, or characteristics described can be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it should be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention. Those of ordinary skill in the art can change, modify, replace, and vary the above embodiments within the scope of the present invention without departing from the principle and purpose of the present invention. The scope of the present invention is defined by the appended claims and their equivalents.

Claims (9)

1. A safety control method, characterized in that the method includes:
receiving at least one item of security authentication information and authenticating each item of security authentication information; if authentication passes, setting the security state corresponding to the security authentication information that passed to the authentication-passed state; if authentication does not pass, setting the security state corresponding to the security authentication information that did not pass to the authentication-failed state; and storing the security state;
receiving an instruction, looking up the stored security state corresponding to the instruction according to the instruction, and judging whether the security state is the authentication-passed state;
when the security state is the authentication-passed state, calling an underlying driver module;
receiving the response result generated by the underlying driver module in response to the call.
2. The safety control method according to claim 1, characterized in that, after the instruction is received, the method further includes:
analyzing whether a corresponding instruction or instruction interface exists and, if the corresponding instruction or instruction interface exists, triggering the step of looking up the stored security state corresponding to the instruction according to the instruction.
3. The safety control method according to claim 1 or 2, characterized in that the security authentication information is a PIN code, or biometric information, or information obtained according to an authentication key.
4. The safety control method according to any one of claims 1-3, characterized in that the underlying driver module includes: a security algorithm library and/or a file system;
calling the underlying driver module when the security state is the authentication-passed state includes:
calling the security algorithm library and/or the file system when the security state is the authentication-passed state.
5. A safety device, characterized in that it includes: an authentication module, an instruction judgment module, a calling module, and an underlying driver module;
the authentication module is configured to receive at least one item of security authentication information and authenticate each item of security authentication information; if authentication passes, to set the security state corresponding to the security authentication information that passed to the authentication-passed state; if authentication does not pass, to set the security state corresponding to the security authentication information that did not pass to the authentication-failed state; and to store the security state;
the instruction judgment module is configured to receive an instruction, look up the stored security state corresponding to the instruction according to the instruction, and judge whether the security state is the authentication-passed state;
the calling module is configured to call the underlying driver module when the security state is the authentication-passed state, and to receive the response result generated by the underlying driver module in response to the call of the authentication module.
6. The safety device according to claim 5, characterized in that
the instruction judgment module is further configured to analyze whether a corresponding instruction or instruction interface exists and, if the corresponding instruction or instruction interface exists, to trigger the step of looking up the stored security state corresponding to the instruction according to the instruction.
7. The safety device according to claim 5 or 6, characterized in that the security authentication information is a PIN code, or biometric information, or information obtained according to an authentication key.
8. The safety device according to any one of claims 5-7, characterized in that the underlying driver module includes: a security algorithm library and/or a file system;
the calling module being configured to call the underlying driver module when the security state is the authentication-passed state includes:
the calling module being configured to call the security algorithm library and/or the file system when the security state is the authentication-passed state.
9. An identity card card-reading terminal, characterized in that it includes the safety device according to any one of claims 5 to 8.
CN201610041106.5A 2016-01-21 2016-01-21 A kind of method of controlling security, safety device and identity card card-reading terminal Active CN106022033B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610041106.5A CN106022033B (en) 2016-01-21 2016-01-21 A kind of method of controlling security, safety device and identity card card-reading terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610041106.5A CN106022033B (en) 2016-01-21 2016-01-21 A kind of method of controlling security, safety device and identity card card-reading terminal

Publications (2)

Publication Number Publication Date
CN106022033A true CN106022033A (en) 2016-10-12
CN106022033B CN106022033B (en) 2019-06-28

Family

ID=57082689

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610041106.5A Active CN106022033B (en) 2016-01-21 2016-01-21 A kind of method of controlling security, safety device and identity card card-reading terminal

Country Status (1)

Country Link
CN (1) CN106022033B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103107985A (en) * 2012-12-04 2013-05-15 百度在线网络技术(北京)有限公司 Cloud terminal authentication method, system and device
US20130159733A1 (en) * 2011-12-16 2013-06-20 Jae-Bum Lee Memory device which protects secure data, method of operating the memory device, and method of generating authentication information
CN103226703A (en) * 2013-05-11 2013-07-31 青岛科技大学 Identity authentication and management system based on biological feature identification technology

Also Published As

Publication number Publication date
CN106022033B (en) 2019-06-28

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220413

Address after: Tiantianrong building, No. 1, Zhongguancun, Beiqing Road, Haidian District, Beijing 100094

Patentee after: TENDYRON Corp.

Address before: 100086 room 603, building 12, taiyueyuan, Haidian District, Beijing

Patentee before: Li Ming