CN107292138A - Method, device and the computer equipment authenticated to user - Google Patents


Info

Publication number
CN107292138A
Authority
CN
China
Prior art keywords
authorization code
section
code
user
value
Prior art date
Legal status
Pending
Application number
CN201610203526.9A
Other languages
Chinese (zh)
Inventor
朱振华
董庆亮
Current Assignee
Siemens Factory Automation Engineering Ltd
Original Assignee
Siemens Factory Automation Engineering Ltd
Priority date
Filing date
Publication date
Application filed by Siemens Factory Automation Engineering Ltd
Priority to CN201610203526.9A
Publication of CN107292138A
Legal status: pending

Classifications

    • G: Physics
    • G06: Computing; calculating or counting
    • G06F: Electric digital data processing
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments provide a method for authenticating a user, an authentication device (20) and computer equipment (2, 3). The authentication device for authenticating the user includes: a generation unit (210) configured to generate an authorization code (22) from time information; and a transmitting unit (220) configured to supply the generated authorization code to the user, so that when the user later needs to be authenticated, the user enters the authorization code obtained, which is then treated as the authorization code to be tested (24). Compared with the prior art, the authorization code supplied by this authentication device is valid only for a limited time, so a malicious user cannot access the protected object indefinitely.

Description

Method, device and the computer equipment authenticated to user
Technical field
The present invention relates to the computer field, and in particular to authority-based protection of a specific access object.
Background technology
Computers are widely used in enterprises, universities and colleges, research institutions and households. For reasons of environmental protection, space saving and convenient access, people like to store all kinds of information and data on computer hard disks or in mobile storage devices (for example flash memory, also called USB flash disks). Through a computer, a user can also access an internal network (for example a corporate intranet) and the Internet.
At the same time, the owner of the data or of a proprietary network (for example an enterprise) wishes to restrict users' (for example employees') access to the network and the data by authority, which gives rise to authority-based access control. For example, an enterprise provides employees with USB flash disks holding the enterprise's proprietary paid software or database and tells them a fixed authorization code; when an employee needs to use the paid software or database on a computer, the USB flash disk is inserted into the computer and the system first pops up a dialog box asking the user to enter the authorization code. This guarantees, to a certain extent, authority-based use of protected objects such as the paid software or database.
The content of the invention
In view of this, according to embodiments of the present invention, a method for authenticating a user, an authentication device and computer equipment containing the authentication device are proposed, so that even if personnel who know the authorization code leave the company, or a USB flash disk is maliciously given to others, the administrator of the authority can still limit access to the protected object.
Specifically, an embodiment according to the first aspect of the invention provides an authentication device for authenticating a user, including: a generation unit configured to generate an authorization code from time information; and a transmitting unit configured to supply the generated authorization code to the user.
Generating the authorization code from time information ties the authorization code to time: as time passes, the authorization code can be changed as needed, so the authorization code is time-limited. Even if an unauthorized user once learned the authorization code, that code will expire over time, and the unauthorized user will no longer be able to access the protected object.
Optionally, the authentication device also includes: a receiving unit configured to receive the authorization code to be tested entered by the user; and a processing unit configured to test the authorization code to be tested in order to obtain an authentication result for the user.
Because the authorization code is tied to time, when the processing unit tests the authorization code entered by the user it learns whether the code is still valid, and thereby authenticates the user. There are many ways to test the authorization code; they are described below. In this way a malicious user, or a user without authority, is prevented from enjoying long-term access to the protected object.
Optionally, the authentication device also includes a resolution unit configured to parse the authorization code to be tested, the parsing including an attempt to recover, from the authorization code to be tested, the time information that was used to generate it; the processing unit is configured so that, when the resolution unit recovers that time information, the recovered time information is compared with a reference time and the authentication result is obtained from the comparison.
The authorization code to be tested can be tested by comparing it directly with a reference authorization code. Because the reference authorization code is regularly updated from the time information, an old authorization code loses its validity after the next update (for example, a quarterly update every three months): it no longer matches the reference authorization code, so authentication fails.
Optionally, the authorization code can instead be parsed in an attempt to recover the time information used when it was generated. This also yields some extra information: if the authorization code the system received resolves to an earlier time, the user is still trying to gain access with an old authorization code; if no time information can be recovered from the authorization code, the user either mistyped it by accident or a user without authority is making a malicious attempt.
Optionally, the time information includes year information and month information, and the authorization code includes a first code section, a second code section and a check code section; the first and second code sections are functions of the year information and month information, and the check code section is generated from the first and second code sections.
Generating the first and second code sections from year and month information ensures that the authorization code is time-limited, and the check code generated from the first and second code sections further strengthens the authorization code's robustness against malicious cracking.
Optionally, the generation unit is configured to update the authorization code every quarter.
In this way the required authorization code can be generated flexibly from year and month information. The authorization code can be updated monthly, i.e. generated each month from that month's month information, or updated quarterly, i.e. generated each quarter from the month information of, for example, the first month of that quarter. The update frequency of the authorization code determines how much work the authority administrator has: more frequent updates mean more work but better security, and the administrator can decide as needed.
Optionally, the generation unit generates the first and second code sections as follows. A first value corresponding to the first code section and a second value corresponding to the second code section are generated according to one of the following formulas:
Formula 1: first value = Y^2 - a*Y + b; second value = M^3 + c*M^2 + d*M + e*Y + f;
or Formula 2: first value = (Y - g)*(Y + h) + i + M; second value = (M + j)^3 + k*M + l*Y.
The generated first value and second value are then each processed to produce the first code section and the second code section. Here Y represents the year information, M represents the month information, and a, b, c, d, e, f, g, h, i, j, k, l are constants.
In this way a unique authorization code is obtained from the time information, and the reverse operation on the authorization code yields a unique solution, namely the year and month information used when the authorization code was generated.
Optionally, the generation unit processes the first value and the second value according to the following formulas to generate the first code section and the second code section, each of which consists of three characters:
Formula 3: first character of the first code section = int(first value / 1296); second character of the first code section = int(first value / 36) mod 36; third character of the first code section = first value mod 36.
Formula 4: first character of the second code section = int(second value / 1296); second character of the second code section = int(second value / 36) mod 36; third character of the second code section = second value mod 36.
Correspondingly, the above operations (since 1296 = 36^2, each section is simply the three-digit base-36 representation of its value) ensure that the first and second code sections are each represented by three characters, and that the reverse operation yields a unique solution, i.e. a unique combination of year and month information.
An embodiment according to the second aspect of the invention provides computer equipment including any of the foregoing authentication devices for authenticating a user.
The computer may be the local computer used by the user or a server on the network side dedicated to authentication; it implements authority-based control over access to the protected object, and the authorization code the user obtains is time-limited: without obtaining the updated authorization code in time, the user cannot continue to gain access with the old authorization code.
An embodiment according to the third aspect of the invention provides a method for authenticating a user in computer equipment, including the following steps: generating an authorization code from time information; and supplying the generated authorization code to the user, who can enter the authorization code when authentication is later needed.
Generating the authorization code from time information ties the authorization code to time: as time passes, the authorization code can be changed as needed, so the authorization code is time-limited. Even if an unauthorized user once learned the authorization code, that code will expire over time, and the unauthorized user will no longer be able to access the protected object.
Optionally, the method also includes the following steps: receiving the authorization code to be tested entered by the user; and testing the authorization code to be tested to obtain the authentication result for the user.
Because the authorization code is tied to time, when the authorization code entered by the user is tested it becomes known whether the code is still valid, and thereby the user is authenticated. There are many ways to test the authorization code; they are described in detail below. In this way a malicious user, or a user without authority, is prevented from enjoying long-term access to the protected object.
Optionally, the method also includes the following step: parsing the authorization code to be tested, the parsing including an attempt to recover, from the authorization code to be tested, the time information used to generate it; the testing step further includes, when the resolution unit recovers that time information, comparing the recovered time information with a reference time and obtaining the authentication result from the comparison.
The authorization code to be tested can be tested by comparing it directly with a reference authorization code. Because the reference authorization code is regularly updated from the time information, an old authorization code loses its validity after the next update (for example, a quarterly update every three months): it no longer matches the reference authorization code, so authentication fails.
Optionally, the authorization code can instead be parsed in an attempt to recover the time information used when it was generated. This also yields some extra information: if the authorization code the system received resolves to an earlier time, the user is still trying to gain access with an old authorization code; if no time information can be recovered from the authorization code, the user either mistyped it by accident or a user without authority is making a malicious attempt.
Because embodiments of the invention use an authorization code that changes over time, even an employee who knows the authorization code and leaves the company will soon be unable to continue accessing or using the protected object; this provides a certain degree of protection against a user maliciously leaking the authorization code to outsiders or even to competitors. In addition, in some embodiments the identification of the device identifier of a proprietary mobile storage device is combined with the time-varying authorization code, which effectively guards against duplication of the original mobile storage device and the corresponding improper use.
Brief description of the drawings
The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings, so that the above and other features and advantages of the invention become clearer to those of ordinary skill in the art. In the drawings:
Fig. 1 is a schematic diagram of a typical usage environment of the method and the authentication device for authenticating a user according to an embodiment of the invention.
Fig. 2 is a schematic block diagram of the authentication device for authenticating a user according to an embodiment of the invention.
Fig. 3 is a schematic flow chart of the method for authenticating a user according to an embodiment of the invention.
Reference numerals:
1 mobile storage device
2 computer
3 server
4 network
20 authentication device
210 generation unit
220 transmitting unit
230 receiving unit
240 resolution unit
250 processing unit
22 generated authorization code
24 authorization code to be tested
Embodiment
To make the objects, technical solutions and advantages of the present invention clearer, the invention is further described in detail below by way of the following embodiments.
Although the exemplary embodiments can have various modifications and alternative forms, some of them are shown by way of example in the drawings and are described in detail here. It should be understood, however, that there is no intention to limit the exemplary embodiments to the specific forms disclosed; on the contrary, the exemplary embodiments are intended to cover all modifications, equivalents and alternatives falling within the scope of the claims. The same reference numerals refer to the same units throughout the description of the figures.
Before the exemplary embodiments are discussed in more detail, it should be mentioned that some exemplary embodiments are described as processes or methods depicted as flow charts. Although a flow chart describes the operations as a sequential process, many of the operations may be performed in parallel, concurrently or simultaneously. In addition, the order of the operations may be rearranged. A process may be terminated when its operations are completed, but may also have additional steps not included in the figure. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram and so on.
The methods discussed below (some of which are illustrated by flow charts) may be implemented by hardware, software, firmware, middleware, microcode, hardware description languages or any combination thereof. When implemented in software, firmware, middleware or microcode, the program code or code segments that perform the necessary tasks may be stored in a machine- or computer-readable medium (such as a storage medium). One or more processors may perform the necessary tasks.
The specific structural and functional details disclosed here are merely representative and serve the purpose of describing exemplary embodiments of the invention. The invention may, however, be embodied in many alternative forms and should not be construed as limited to the embodiments set forth here.
It should be understood that, although the terms "first", "second" and so on may be used here to describe various units, these units should not be limited by these terms. These terms are used only to distinguish one unit from another. For example, without departing from the scope of the exemplary embodiments, a first unit could be called a second unit, and similarly a second unit could be called a first unit. The term "and/or" used here includes any and all combinations of one or more of the associated listed items.
The terminology used here is for the purpose of describing particular embodiments only and is not intended to limit the exemplary embodiments. Unless the context clearly indicates otherwise, the singular forms "a" and "an" used here are intended to include the plural as well. It should be further understood that the terms "comprising" and/or "including" used here specify the presence of the stated features, integers, steps, operations, units and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, units, components and/or combinations thereof.
It should further be mentioned that in some alternative implementations the functions/acts noted may occur in an order different from that indicated in the figures. For example, two figures shown in succession may in fact be executed substantially concurrently, or may sometimes be executed in the reverse order, depending on the functions/acts involved.
Unless otherwise defined, all terms (including technical and scientific terms) used here have the same meaning as commonly understood by one of ordinary skill in the art to which the exemplary embodiments belong. It should be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning consistent with their meaning in the context of the relevant field, and should not be interpreted in an idealized or overly formal sense unless expressly so defined here.
Parts of the exemplary embodiments and the corresponding detailed description are presented in terms of software, or of algorithms and symbolic representations of operations on data bits within a computer memory. These descriptions and representations are the ones by which those skilled in the art effectively convey the substance of their work to others skilled in the art. An algorithm, as the term is used here and as it is used generally, is conceived to be a self-consistent sequence of steps leading to a desired result. The steps are those requiring physical manipulation of physical quantities. Usually, though not necessarily, these quantities take the form of optical, electrical or magnetic signals capable of being stored, transferred, combined, compared and otherwise manipulated. It has proved convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers or the like.
In the following description, illustrative embodiments are described with reference to symbolic representations of acts and operations (for example in the form of flow charts) that may be implemented as program modules or functional processes, including routines, programs, objects, components, data structures and so on that perform particular tasks or implement particular abstract data types, and that may be implemented using existing hardware at existing network elements. Such existing hardware may include one or more central processing units (CPUs), digital signal processors (DSPs), application-specific integrated circuits, field programmable gate arrays (FPGAs), computers and the like.
It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise, or as is apparent from the discussion, terms such as "processing", "computing", "determining" or "displaying" refer to the actions and processes of a computer system or similar electronic computing device that manipulates data represented as physical, electronic quantities within the computer system's registers and memories and transforms them into other data similarly represented as physical quantities within the computer system's memories or registers or other such information storage, transmission or display devices.
It should further be mentioned that the software-implemented aspects of the exemplary embodiments are typically encoded on some form of program storage medium or implemented over some type of transmission medium. The program storage medium may be magnetic (for example a floppy disk or hard disk drive) or optical (for example a compact disk read-only memory, or "CD ROM"), and may be read-only or random-access. Similarly, the transmission medium may be twisted pair, coaxial cable, optical fiber or some other suitable transmission medium known in the art. The exemplary embodiments are not limited by these aspects of any given implementation.
The processor and the memory may operate together to run the device's functions. For example, the memory may store code segments for the device's functions, and the code segments may in turn be executed by the processor. In addition, the memory may store processing variables and constants for use by the processor.
It should be noted that the present invention may be implemented in software and/or in a combination of software and hardware; for example, the devices of the invention may be realized using an application-specific integrated circuit (ASIC) or any other similar hardware device. In one embodiment, the software program of the invention may be executed by a processor to implement the steps or functions described above. Likewise, the software program of the invention (including the related data structures) may be stored in a computer-readable recording medium, for example RAM, a magnetic or optical drive, a floppy disk or similar devices. In addition, some steps or functions of the invention may be implemented in hardware, for example as circuits that cooperate with the processor to perform the individual steps or functions.
Referring to Fig. 1, a schematic diagram of a typical usage environment of the method and the authentication device for authenticating a user according to an embodiment of the invention is shown.
Fig. 1 shows a mobile storage device 1, a computer 2, a server 3 for rights management, and a network 4. The mobile storage device 1 is typically a USB flash disk, for example one issued to employee B when B is registered at company A. The mobile storage device 1 may hold proprietary data, proprietary programs and the like; company A obtained the right to access the data and programs through its own development or a paid license, and expects its employees to use the data and programs in ways that serve the company, not for personal purposes or for the benefit of others outside the company or enterprise.
The computer 2 is usually a desktop or notebook computer that can be used together with the mobile storage device 1; for example, if the mobile storage device 1 is a USB flash disk, it is inserted into a USB port of the computer 2. In different examples, the computer 2 may itself host the software and programs needed to authenticate the user, or it may play only the role of a protected object. For example, in one example the authentication device 20 that authenticates the user may be part of the computer 2 (for example implemented by the processor of the computer 2 and an installed security program); in another example the computer 2 simply provides the interface through which the user invokes the mobile storage device 1 holding the protected object and accesses the network; in yet another example the computer 2 may itself store the protected object (for example the company's proprietary data). In the latter two examples the authentication of the user is completed by the server 3 described below.
The server 3, unlike the computer 2, is not used for an individual user's routine office work; its main task is to authenticate each user in advance for access to the protected object. It does so mainly by receiving the authorization code to be tested entered by the user, parsing it (i.e. performing an inverse operation) to obtain the time information used when that authorization code was generated, and comparing the obtained time information with the currently effective reference time to obtain the authentication result. As mentioned in the explanation of the computer 2, in some examples these authentication operations can also be performed by the computer 2 instead of the server 3. Without loss of generality, the server 3 is normally administered by the personnel responsible for user rights in the company (for example an information security center).
The network 4 may be the internal network of company A or the Internet. Especially when it is the company intranet, the user authentication process in embodiments of the invention can be a restriction on the user's access to the network 4: for example, a user who cannot pass the authentication cannot access the network 4. When other critical servers and storage are connected to the network 4, this is particularly beneficial to the company's data and information security.
The authentication device 20 for authenticating a user according to an embodiment of the invention is described in detail below with reference to Fig. 2 and Fig. 1; an example of the authentication device 20 is shown in Fig. 2.
The illustrated authentication device 20 includes a generation unit 210, a transmitting unit 220, a receiving unit 230, a resolution unit 240 and a processing unit 250; in some examples the resolution unit 240 is omitted.
The functions of the components of the authentication device 20 are introduced more clearly below in connection with several hypothetical scenarios:
Scenario 1: Employee B newly joins company A. Because of work requirements, B is issued a USB flash disk holding the company's proprietary data (referred to below as USB flash disk 1, following the reference numerals of Fig. 1) and a notebook computer (referred to below as computer 2). The company runs a server (referred to below as server 3) operated by the security center, which controls every employee's use of his or her USB flash disk.
The generation unit 210 generates or updates the authorization code 22 periodically (for example every quarter, i.e. four times a year). The generated authorization code 22 is preferably communicated to the user over a secure channel between company A and employee B (for example the corporate mailbox system, one implementation of the transmitting unit 220). In principle the user can then use this authorization code during the coming quarter to access the protected object, passing the authentication performed by the server 3. That is, when the user (employee B in this example) inserts USB flash disk 1 into computer 2, either USB flash disk 1 automatically runs an authentication program, or computer 2 recognizes that the inserted device is USB flash disk 1 and first pops up a window asking the user to complete authentication. The user then enters the authorization code he or she was told. Because the entered authorization code has not yet been parsed, it is referred to here as the authorization code to be tested, and it is given the reference numeral 24 to distinguish it from the authorization code 22 supplied by the transmitting unit 220.
The received authorization code to be tested entered by the user can be supplied directly to the processing unit 250, which compares it with a pre-stored reference authorization code. The result of the comparison determines the authentication result: if the entered authorization code does not match the reference authorization code, authentication fails and the user's access request is rejected; conversely, if the entered authorization code matches the reference authorization code, authentication succeeds and the user is allowed to access the protected object. Without loss of generality, the reference authorization code may be the one produced by the generation unit 210 at the most recent generation or update and stored at the server 3; it is identical to the authorization code most recently told to the user, so an authentication request made by an authorized user within the validity period of the authorization code should result in authentication passing.
In a variant, the entered authorization code to be tested 24 is received by the receiving unit 230 and supplied to the resolution unit 240. If the generation unit 210 is regarded as an encoder that encodes time information into the authorization code 22, then the resolution unit 240 can be regarded as the corresponding decoder: it attempts to resolve the received authorization code to be tested 24 into time information. If the parsed time information is exactly the reference time (for example the current year and month at the server 3), authentication is considered successful; if no time information can be parsed (for example because the user mistyped the authorization code so that the resolution unit 240 cannot decode it), or the parsed time information does not match the reference time, authentication is considered to have failed and the user cannot use or access the protected object. Specifically, the above determination of the authentication result is made by the processing unit 250.
A typical example in which the parsed time information does not match the reference time: the authorization code 22 is generated on the first day of each quarter and supplied to the user. Employee B receives this authorization code (called the "first-quarter authorization code" for distinction) on January 1, 2016, uses it normally until leaving the company on March 20, and does not hand in USB flash disk 1 on leaving. After leaving and until March 31, 2016, if the authentication process can still reach the server 3, former employee B can continue to use the protected data and software on USB flash disk 1 with the first-quarter authorization code. From April 1, however, the authentication device 20 authenticates with new time information (for example year information "2016" and month information "4"). So when the resolution unit 240 parses the first-quarter authorization code entered by B and obtains year information "2016" and month information "1", the processing unit 250 compares "2016" and "1" with "2016" and "4", finds that they do not match, and authentication fails.
It will be appreciated by those skilled in the art that generation unit 210 and transmitting element 220 update authorization code and processor 250 more The cycle of its new reference time can be diversified.Can frequent or less frequently it be updated according to actual conditions, The need for adapting to reality.And these deformations and change are all within the scope of the spirit of the present invention.
According to a change case, transmitting element 220 can also will be generated by other manners such as SMS, push windows New authorization code inform user.
According to an example, the authorization code 22 that generation unit 210 is generated includes first yard of section, second code section and check code section, First, second yard of section is respectively the function of year information and month information, and check code Duan Ze is generated according to first and second yards of sections, So can also be the function of year information and month information.Wherein, in order to adapt to the area monthly, quarterly changed of authorization code Not, generation unit 210 can be configured, for example, exemplified by quarterly changing, generation unit 210 is generated in January During authorization code, " 1 " can be used as month information, and if be also required in March generate authorization code, still use " 1 " It is used as month information.If per monthly variation, generation unit 210 changes month information used every month.Equally, handle single Member 240 is also configured, when authorization code quarterly changes, and can all use " 1 " to believe as the month in the reference time 1-3 months Breath, is just " 4 " by the month information updating in the reference time until April, and if authorization code is per monthly variation, then every month Reference time is defined by of that month actual month information.
From above content, the analysis result that resolution unit 240 is determined correctly is compared for processing unit 250 Pair and authenticating result be highly important.Therefore, generation unit 210 generates the process (solution of authorization code 22 by parameter of temporal information The performed operation of analysis unit 240 is the reverse operation process of generation operation) intentionally get such authorization code, i.e. authorization code 22 Year information used and month information when generation authorization code 22 can be parsed through resolution unit 240, also, the parsing has only One solution.
In one example, generation unit 210 generates the first and second code sections by the following operations:
Step 1: generate a first value corresponding to the first code section and a second value corresponding to the second code section according to the following formulas:
Formula 1: first value = Y^2 - a*Y + b; second value = M^3 + c*M^2 + d*M + e*Y + f; or
Formula 2: first code section = (Y - g)*(Y + h) + i + M; second code section = (M + j)^3 + k*M + l*Y;
Step 2: process the generated first value and second value respectively to generate the first code section and the second code section.
Here Y represents the year information, M represents the month information, and a, b, c, d, e, f, g, h, i, j, k, l are constants determined according to the aforementioned rule.
Specifically, generation unit 210 processes the first value and the second value according to the following formulas to generate the first code section and the second code section, each of which comprises three characters; for example, the first code section is denoted ABC and the second code section DEF.
Formula 3: first character of the first code section = int(first value / 1296); second character of the first code section = int(first value / 36) mod 36; third character of the first code section = first value mod 36;
Formula 4: first character of the second code section = int(second value / 1296); second character of the second code section = int(second value / 36) mod 36; third character of the second code section = second value mod 36.
Here int denotes truncation to an integer (no rounding up) and mod denotes the remainder.
The following describes the generation of an authorization code with Formulas 1, 3 and 4:
First, a specific instance of Formula 1 is:
first value = Y^2 - 3687*Y + 3374700;
second value = M^3 + 70*M^2 + 1587*M + 11*Y + 12176.
In practice, generation unit 210 substitutes the specific year information and month information for Y and M. For example, taking January 2016, Y = 2016 and M = 1, so the first value = 2016^2 - 3687*2016 + 3374700 = 5964, and the second value = 1^3 + 70*1^2 + 1587*1 + 11*2016 + 12176 = 36010.
Correspondingly, each character of each code section is calculated according to Formula 3 and Formula 4, where the character value F(x) of each code section follows the relation: F(x) = x for x = 0, 1, ..., 9; F(x) = "A" to "Z" for x = 9, 10, ..., 35.
First character of the first code section: A = int(5964/1296) = 4;
Second character of the first code section: B = int(5964/36) mod 36 = 21 = L;
Third character of the first code section: C = 5964 mod 36 = 24 = O.
First character of the second code section: D = int(36010/1296) = 27 = S;
Second character of the second code section: E = int(36010/36) mod 36 = 28 = T;
Third character of the second code section: F = 36010 mod 36 = 10 = B.
According to one example, the check code section comprises 4 characters α, β, γ and δ, expressed as follows, where Round denotes the rounding operation:
α = Round(A/3 + B/3 + 10)
β = Round(B/3 + D/3 + F/3)
γ = Round(C/3 + F/3)
δ = Round(C/3 + E/3 + 8)
Thus an authorization code ABCDEFαβγδ consisting of 10 characters is obtained. According to an alternative, the original authorization code may be encoded once more (for example, by scrambling the order of its characters) and the result used as the actual authorization code.
The above calculation is reversible, i.e. when the above authorization code is supplied to parsing unit 240, a unique solution can be parsed: year information "2016" and month information "1".
Scenario 2 (continuing Scenario 1): when the contract expires, Employee B does not renew the labour contract and leaves the company, but does not return USB flash drive 1 to the company's security centre.
Because B has left without returning USB flash drive 1, he or she may still be able to access the protected object during the period in which the authorization code has not been updated. But once the authorization code is updated, the reference time used by processing unit 250 for the authentication comparison changes, and parsing the original authorization code with parsing unit 240 can no longer yield year and month information matching the new reference time, so authentication fails; because a year/month combination never repeats, the authorization code the user previously held can never pass authentication again. If instead the authorization code is compared directly with the reference authorization code, the conclusion is that the entered authorization code and the reference authorization code do not match, and authentication likewise fails.
Scenario 3 (continuing Scenario 1): Employee B's USB flash drive 1 is lost by accident and picked up by Employee C of a competitor.
As in Scenario 2, Employee C, who cannot learn the new authorization code, loses the chance to continue accessing the protected object once the authorization code and the reference time are updated.
Scenario 4 (continuing Scenario 1): Employee B gives USB flash drive 1 to Employee D of a competitor and tells D the most recent authorization code.
Preferably, Company A should periodically check who holds each employee's USB flash drive; if it finds that someone has lost or no longer holds the drive, it stops informing that person of new authorization codes, which prevents Employee D from always knowing the latest authorization code.
Fig. 3 is a schematic flow chart of the method of authenticating a user according to an embodiment of the invention. It essentially illustrates the operating steps when an end user attempts to authenticate; typically, at the server 3 side, the authorization code is generated periodically in advance and supplied to the user through some interactive means. The authentication process can then be described as the following steps:
The steps of the method of authenticating a user are introduced more clearly below with reference to several hypothetical scenarios:
Scenario 1: Company A hires a new employee, B. Because of work needs, B is equipped with a USB flash drive containing the company's proprietary data (referred to below, with the reference numeral of Fig. 1, as USB flash drive 1) and a notebook computer (referred to below, with reference to Fig. 1, as computer 2). A server run by the security centre within the company (referred to below, with reference to Fig. 1, as server 3) controls the use of their respective USB flash drives by all employees inside the company.
Server 3 generates or renews authorization code 22 at regular intervals (for example, every quarter, i.e. 4 times a year). The generated authorization code 22 is preferably communicated to the user over a secure channel between Company A and Employee B (for example, the corporate mailbox system, an SMS modem, etc.). In theory, this user can then use authorization code 22 to access the protected object during the following quarter, i.e. successfully pass the authentication performed by server 3. In other words, when the user (Employee B in this example) inserts USB flash drive 1 into computer 2, USB flash drive 1 may automatically run an authentication program, or computer 2 may recognize that USB flash drive 1 has been inserted and first pop up a window requiring the user to complete authentication. Then, in step S300, the user enters the authorization code that was communicated to him or her, and server 3 receives the authorization code 24 entered by the user. Because the entered authorization code has not yet been verified, we call it the authorization code to be tested and give it reference numeral 24, distinct from authorization code 22 provided by server 3.
The received authorization code 24 to be tested, as entered by the user, may go directly to step S304, in which server 3 compares it with a prestored reference authorization code. The outcome of the comparison determines the authentication result: if the entered authorization code and the reference authorization code do not match, authentication fails and the user's access request is rejected; conversely, if the entered authorization code matches the reference authorization code, authentication succeeds and the user is allowed to access the protected object. Without loss of generality, the reference authorization code may be the one most recently generated by server 3, or generated when the authorization code was last updated, and stored at server 3; it is identical to the authorization code last communicated to the user, so an authentication request initiated by an authorized user within the validity period of the authorization code should result in authentication success.
In a variant, an optional step S302 can be performed between step S300 and step S304, in which the entered authorization code 24 to be tested is first parsed by server 3. If we regard the process by which server 3 generates authorization code 22 as an encoding process, i.e. time information is encoded into authorization code 22, then parsing step S302 can be regarded as the corresponding decoding process: server 3 attempts to parse the received authorization code 24 to be tested back into time information. If the parsed time information is exactly the reference time (for example, the current year and month at server 3), authentication can be considered successful; if no time information can be parsed (for example, because the user mistyped the authorization code so that server 3 cannot solve it), or the parsed time information does not match the reference time, authentication is considered to have failed and the user cannot use or access the protected object. Specifically, the above judgement of the authentication result is made in step S304.
A typical example of the time information parsed in step S302 not matching the reference time: authorization code 22 is generated on the first day of each quarter and then supplied to the user. Employee B obtains this authorization code on January 1, 2016 (called the "first-quarter authorization code" for distinction), uses it normally until March 20, and then leaves the company without handing in USB flash drive 1. After leaving, until March 31, 2016, as long as the authentication process can still reach server 3, former Employee B can continue to use the protected data/software on USB flash drive 1 with the first-quarter authorization code. But from April 1 server 3 starts authenticating with new month information (for example, year information "2016" and month information "4"). Therefore, when the first-quarter authorization code entered by user B is parsed in step S302 and year information "2016" and month information "1" are obtained, server 3 compares "2016" and "1" with "2016" and "4" in step S304, finds a mismatch, and authentication fails.
Those skilled in the art will appreciate that the period at which server 3 updates authorization code 22 and updates its reference time or reference authorization code can vary widely. It can be updated at a higher frequency (monthly or even weekly) or a lower frequency (every half year or even every year) according to actual conditions, to suit practical needs. All such variations and modifications fall within the spirit and scope of the present invention.
According to a variant, server 3 may inform the user of the newly generated authorization code by other means, such as SMS or a push window.
According to one example, authorization code 22 generated by server 3 comprises a first code section, a second code section and a check code section. The first and second code sections are each a function of year information and month information, and the check code section is generated from the first and second code sections, so it is likewise a function of year information and month information. To accommodate the difference between changing the authorization code monthly and changing it quarterly, server 3 can be configured accordingly. For example, taking quarterly change: when server 3 generates the authorization code in January it uses "1" as month information, and if it also needs to generate an authorization code in March it still uses "1" as month information. If the code changes monthly, server 3 changes the month information it uses every month. Likewise, when performing step S304: when the authorization code changes quarterly, "1" is used as the month information in the reference time throughout January to March, and the month information in the reference time is updated to "4" only in April; if the authorization code changes monthly, then when step S304 is performed the reference time of each month is the actual month information of that month.
It follows from the above that, in the embodiment comprising step S302, it is preferable that the parsing result determined in step S302 is correct, which is important for step S304 to obtain a correct comparison and authentication result. Therefore, in this embodiment, the process of generating authorization code 22 with time information as the parameter (the operation performed in step S302 being the inverse of the generation operation) is intended to yield an authorization code 22 from which step S302 can recover the year information and month information used when authorization code 22 was generated, and for which the parse has a unique solution.
In one example, when generating authorization code 22, the first and second code sections can be generated by the following operations:
Step 1: generate a first value corresponding to the first code section and a second value corresponding to the second code section according to the following formulas:
Formula 1: first value = Y^2 - a*Y + b; second value = M^3 + c*M^2 + d*M + e*Y + f; or
Formula 2: first code section = (Y - g)*(Y + h) + i + M; second code section = (M + j)^3 + k*M + l*Y;
Step 2: process the generated first value and second value respectively to generate the first code section and the second code section.
Here Y represents the year information, M represents the month information, and a, b, c, d, e, f, g, h, i, j, k, l are constants determined according to the aforementioned rule.
Specifically, server 3 processes the first value and the second value according to the following formulas to generate the first code section and the second code section, each of which comprises three characters; for example, the first code section is denoted ABC and the second code section DEF.
Formula 3: first character of the first code section = int(first value / 1296); second character of the first code section = int(first value / 36) mod 36; third character of the first code section = first value mod 36;
Formula 4: first character of the second code section = int(second value / 1296); second character of the second code section = int(second value / 36) mod 36; third character of the second code section = second value mod 36.
Here int denotes truncation to an integer (no rounding up) and mod denotes the remainder.
The following describes the generation of an authorization code with Formulas 1, 3 and 4:
First, a specific instance of Formula 1 is:
first value = Y^2 - 3687*Y + 3374700;
second value = M^3 + 70*M^2 + 1587*M + 11*Y + 12176.
In practice, server 3 substitutes the specific year information and month information for Y and M. For example, taking January 2016, Y = 2016 and M = 1, so the first value = 2016^2 - 3687*2016 + 3374700 = 5964, and the second value = 1^3 + 70*1^2 + 1587*1 + 11*2016 + 12176 = 36010.
Correspondingly, each character of each code section is calculated according to Formula 3 and Formula 4, where the character value F(x) of each code section follows the relation: F(x) = x for x = 0, 1, ..., 9; F(x) = "A" to "Z" for x = 9, 10, ..., 35.
First character of the first code section: A = int(5964/1296) = 4;
Second character of the first code section: B = int(5964/36) mod 36 = 21 = L;
Third character of the first code section: C = 5964 mod 36 = 24 = O.
First character of the second code section: D = int(36010/1296) = 27 = S;
Second character of the second code section: E = int(36010/36) mod 36 = 28 = T;
Third character of the second code section: F = 36010 mod 36 = 10 = B.
According to one example, the check code section comprises 4 characters α, β, γ and δ, expressed as follows, where Round denotes the rounding operation:
α = Round(A/3 + B/3 + 10)
β = Round(B/3 + D/3 + F/3)
γ = Round(C/3 + F/3)
δ = Round(C/3 + E/3 + 8)
Thus an authorization code ABCDEFαβγδ consisting of 10 characters is obtained. According to an alternative, the original authorization code may be encoded once more (for example, by scrambling the order of its characters) and the result used as the actual authorization code.
The above calculation is reversible, i.e. when server 3 parses the above authorization code in step S302, a unique solution can be parsed: year information "2016" and month information "1".
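The generation and parsing steps described above (generation unit 210 and parsing unit 240 in the device embodiment, steps S302 and S304 in the method embodiment), carried through in code. This is an added example, not code from the patent or from Siemens. It uses the page's sample constants (a = 3687, b = 3374700, c = 70, d = 1587, e = 11, f = 12176) and makes three assumptions the page leaves open: the character table is standard base-36 (0-9, then A = 10 ... Z = 35; the page's own letter examples do not follow one consistent table, since they give both 21 = L and 27 = S), the four check values are rendered through the same table (each is below 36), and Round is round-half-up. Two properties follow from the formulas themselves and are enforced here: the first value is negative for years below 1998 and exceeds 36^3 = 46656 above 2108, so the year search is limited to that range, which also makes the year unique (the quadratic Y^2 - 3687*Y + 3374700 = 5964 has a second root, 1671, outside it); and the second value exceeds 46656 for some year/month pairs (for example Y = 2016, M = 7), for which the encoder raises instead of emitting a character outside the table. The function names (encode, decode, authenticate, reference_month, encodable) are hypothetical.

```python
import math
from typing import Optional, Tuple

# Assumed character table: standard base-36, 0-9 then A=10 ... Z=35.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
SECTION_LIMIT = 36 ** 3  # 46656: three base-36 characters hold 0..46655

# Computed from the sample constants (the page states no year range): the
# first value is non-negative and strictly increasing for these years and
# still fits in three characters, so the year can be recovered uniquely.
YEAR_MIN, YEAR_MAX = 1998, 2108


def first_value(year: int) -> int:
    """Formula 1, first value, with the sample constants a=3687, b=3374700."""
    return year * year - 3687 * year + 3374700


def second_value(year: int, month: int) -> int:
    """Formula 1, second value, with c=70, d=1587, e=11, f=12176."""
    return month ** 3 + 70 * month ** 2 + 1587 * month + 11 * year + 12176


def to_section(value: int) -> str:
    """Formulas 3/4: characters int(v/1296), int(v/36) mod 36, v mod 36."""
    if not 0 <= value < SECTION_LIMIT:
        raise ValueError(f"value {value} does not fit in three base-36 characters")
    return ALPHABET[value // 1296] + ALPHABET[(value // 36) % 36] + ALPHABET[value % 36]


def round_half_up(x: float) -> int:
    """'Round' in the check-code formulas, taken here as round-half-up (assumption)."""
    return int(math.floor(x + 0.5))


def check_section(abc: str, def_: str) -> str:
    """Check code alpha, beta, gamma, delta from the numeric values of A..F.

    Rendering the four results through ALPHABET is an assumption; each result
    is below 36, so it fits the same table as the code sections.
    """
    a, b, c = (ALPHABET.index(ch) for ch in abc)
    d, e, f = (ALPHABET.index(ch) for ch in def_)
    alpha = round_half_up(a / 3 + b / 3 + 10)
    beta = round_half_up(b / 3 + d / 3 + f / 3)
    gamma = round_half_up(c / 3 + f / 3)
    delta = round_half_up(c / 3 + e / 3 + 8)
    return "".join(ALPHABET[v] for v in (alpha, beta, gamma, delta))


def reference_month(month: int, quarterly: bool = True) -> int:
    """Month information actually used: 1/4/7/10 for quarterly codes, else the month itself."""
    return 3 * ((month - 1) // 3) + 1 if quarterly else month


def encodable(year: int, month: int, quarterly: bool = True) -> bool:
    """True if both values fit in three characters for this year/month."""
    m = reference_month(month, quarterly)
    return YEAR_MIN <= year <= YEAR_MAX and 0 <= second_value(year, m) < SECTION_LIMIT


def encode(year: int, month: int, quarterly: bool = True) -> str:
    """Generation side: 10-character code ABCDEF followed by the check section."""
    m = reference_month(month, quarterly)
    abc = to_section(first_value(year))
    def_ = to_section(second_value(year, m))
    return abc + def_ + check_section(abc, def_)


def decode(code: str) -> Optional[Tuple[int, int]]:
    """Parsing side: recover (year, month), or None if the code cannot be solved."""
    if len(code) != 10 or any(ch not in ALPHABET for ch in code):
        return None
    abc, def_, chk = code[:3], code[3:6], code[6:]
    if check_section(abc, def_) != chk:
        return None  # check section mismatch: mistyped or altered code
    v1, v2 = int(abc, 36), int(def_, 36)
    for year in range(YEAR_MIN, YEAR_MAX + 1):
        if first_value(year) != v1:
            continue
        for month in range(1, 13):
            if second_value(year, month) == v2:
                return year, month
    return None


def authenticate(code: str, now_year: int, now_month: int, quarterly: bool = True) -> bool:
    """Comparison step: the parsed time must equal the reference time exactly."""
    parsed = decode(code)
    return parsed == (now_year, reference_month(now_month, quarterly))


if __name__ == "__main__":
    q1 = encode(2016, 1)
    print(q1, decode(q1))             # 4LORSAIJBP (2016, 1)
    print(authenticate(q1, 2016, 3))  # True: March still has reference month 1
    print(authenticate(q1, 2016, 4))  # False: reference month has moved to 4
```

decode returns None both for a mistyped code (the check section no longer matches) and for a well-formed code that no year/month in the domain produces; authenticate treats both as failure, which is the behaviour the scenarios describe. A design point worth noting: the code is a deterministic function of the date and the constants alone, with no per-user or random component, so it acts as a rotating shared secret whose strength rests on keeping the constants confidential and on the delivery channel, and it cannot distinguish one holder of USB flash drive 1 from another.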
Scenario 2 (continuing Scenario 1): when the contract expires, Employee B does not renew the labour contract and leaves the company, but does not return USB flash drive 1 to the company's security centre.
Because B has left without returning USB flash drive 1, he or she may still be able to access the protected object during the period in which the authorization code has not been updated. But once the authorization code is updated, the reference time used by server 3 for the authentication comparison in step S304 changes, and parsing the original authorization code in step S302 can no longer yield year and month information matching the new reference time, so authentication fails; because a year/month combination never repeats, the authorization code the user previously held can never pass authentication again. If instead the authorization code is compared directly with the reference authorization code, the conclusion is that the entered authorization code and the reference authorization code do not match, and authentication likewise fails.
Scenario 3 (continuing Scenario 1): Employee B's USB flash drive 1 is lost by accident and picked up by Employee C of a competitor.
As in Scenario 2, Employee C, who cannot learn the new authorization code, loses the chance to continue accessing the protected object once the authorization code and the reference time are updated.
Scenario 4 (continuing Scenario 1): Employee B gives USB flash drive 1 to Employee D of a competitor and tells D the most recent authorization code.
Preferably, Company A should periodically check who holds each employee's USB flash drive; if it finds that someone has lost or no longer holds the drive, it stops informing that person of new authorization codes, which prevents Employee D from always knowing the latest authorization code.
It is obvious to those skilled in the art that the invention is not limited to the details of the above exemplary embodiments, and that the invention can be realized in other specific forms without departing from its spirit or essential attributes. Therefore, from whatever point of view, the embodiments are to be regarded as exemplary and non-restrictive; the scope of the invention is defined by the appended claims rather than by the above description, and all changes falling within the meaning and range of equivalency of the claims are intended to be included in the invention. Any reference numeral in a claim shall not be construed as limiting the claim concerned. Furthermore, it is to be understood that the word "comprising" does not exclude other units or steps, and the singular does not exclude the plural. A plurality of units or devices recited in a system claim may also be realized by a single unit or device in software or hardware. Words such as first and second are used to denote names and do not indicate any particular order.
Although exemplary embodiments have been specifically shown and described above, those skilled in the art will appreciate that changes in form and detail can be made without departing from the spirit and scope of the claims. The protection sought here is set out in the appended claims.

Claims (11)

1. An authentication device (20) for authenticating a user, comprising:
a generation unit (210) configured to generate an authorization code (22) according to time information;
a transmitting unit (220) configured to supply the generated authorization code to the user.
2. The authentication device (20) according to claim 1, characterised in that it further comprises:
a receiving unit (230) configured to receive an authorization code (24) to be tested entered by the user;
a processing unit (250) configured to test the authorization code to be tested, so as to obtain an authentication result for the user.
3. The authentication device (20) according to claim 2, characterised in that it further comprises:
a parsing unit (240) configured to parse the authorization code (24) to be tested, the parsing comprising attempting to recover, from the authorization code to be tested, the time information used to generate it;
the processing unit (250) being configured to compare the recovered time information with a reference time when the parsing unit recovers the time information used to generate the authorization code to be tested, and to obtain the authentication result according to the comparison result.
4. The authentication device (20) according to any one of claims 1 to 3, characterised in that the time information comprises year information and month information, the authorization code (22) comprises a first code section, a second code section and a check code section, the first code section and the second code section are functions of the year information and the month information, and the check code section is generated according to the first code section and the second code section.
5. The authentication device (20) according to any one of claims 1 to 3, characterised in that the generation unit (210) is configured to update the authorization code (22) every quarter.
6. The authentication device (20) according to any one of claims 1 to 3, characterised in that the generation unit (210) generates the first code section and the second code section by the following operations:
A. generating, according to the following formulas, a first value corresponding to the first code section and a second value corresponding to the second code section:
Formula 1: the first value = Y^2 - a*Y + b; the second value = M^3 + c*M^2 + d*M + e*Y + f; or
Formula 2: the first value = (Y - g)*(Y + h) + i + M; the second value = (M + j)^3 + k*M + l*Y;
B. processing the generated first value and second value respectively to generate the first code section and the second code section;
where Y represents the year information, M represents the month information, and a, b, c, d, e, f, g, h, i, j, k, l are constants.
7. The authentication device (20) according to claim 6, characterised in that the generation unit (210) processes the first value and the second value according to the following formulas to generate the first code section and the second code section, each of which comprises three characters:
Formula 3: first character of the first code section = int(first value / 1296); second character of the first code section = int(first value / 36) mod 36; third character of the first code section = first value mod 36;
Formula 4: first character of the second code section = int(second value / 1296); second character of the second code section = int(second value / 36) mod 36; third character of the second code section = second value mod 36.
8. A computer device (2, 3), characterised in that it comprises the authentication device (20) for authenticating a user according to any one of claims 1 to 7.
9. A method of authenticating a user in a computer device (2, 3), comprising the following steps:
generating an authorization code (22) according to time information;
supplying the generated authorization code to the user.
10. The method according to claim 9, characterised in that it further comprises the following steps:
receiving an authorization code (24) to be tested entered by the user;
testing the authorization code to be tested to obtain an authentication result for the user.
11. The method according to claim 10, characterised in that it further comprises the following step:
parsing the authorization code (24) to be tested, the parsing comprising attempting to recover, from the authorization code to be tested, the time information used to generate it;
the testing step further comprising, when the time information used to generate the authorization code to be tested is recovered, comparing the recovered time information with a reference time and obtaining the authentication result according to the comparison result.
Application CN201610203526.9A, filed 2016-04-01 (priority date 2016-04-01): Method, device and computer equipment for authenticating a user. Status: pending.

Publication CN107292138A, published 2017-10-24. Family ID: 60087361.

CN107292138A (en) Method, device and the computer equipment authenticated to user
DE112018006031B4 (en) AUTHENTICATE A PAYMENT CARD
US20210398113A1 (en) Status system with data security for transactions
CN110033367A (en) Based on the contract record method and device of block chain, electronic equipment
Nagar et al. A semantically rich knowledge representation of PCI DSS for cloud services
CN113037505A (en) Method and system for realizing trusted Web application
CN103379105A (en) Access method and system for enterprise information system in application platform
US20200213446A1 (en) System and method for computer-implemented automated assistance including interactive enclosure unlocking
Chen et al. Design of intelligent locks based on the triple KeeLoq algorithm
US20100153342A1 (en) Vim next generation - migration
Govinda et al. Implementation of Election System Using Blockchain Technology
US20170213426A1 (en) Pin encryption techniques

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171024