CN100518063C - Physical certifying method and device - Google Patents
Physical certifying method and device Download PDFInfo
- Publication number
- CN100518063C CN100518063C CNB2007101190709A CN200710119070A CN100518063C CN 100518063 C CN100518063 C CN 100518063C CN B2007101190709 A CNB2007101190709 A CN B2007101190709A CN 200710119070 A CN200710119070 A CN 200710119070A CN 100518063 C CN100518063 C CN 100518063C
- Authority
- CN
- China
- Prior art keywords
- physical certifying
- module
- physical
- certifying
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 33
- 230000015654 memory Effects 0.000 claims abstract description 11
- 238000012545 processing Methods 0.000 claims description 37
- 230000008569 process Effects 0.000 claims description 12
- 238000004891 communication Methods 0.000 claims description 8
- 230000005540 biological transmission Effects 0.000 claims description 3
- 230000003993 interaction Effects 0.000 claims description 3
- 230000008676 import Effects 0.000 claims description 2
- 230000000977 initiatory effect Effects 0.000 abstract 1
- 238000005516 engineering process Methods 0.000 description 5
- 238000009434 installation Methods 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 210000001747 pupil Anatomy 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 238000003756 stirring Methods 0.000 description 2
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Abstract
The method comprises; setting up a key and a corresponding relation between the operation command and the physical authentication; receiving the operation command; enquiring the key used by the operation command; according to the key, establishing a corresponding relation between the operation command and the physical authentication to get the physical authentication mode corresponding to the operation command; according to the physical authentication mode, initiating a physical authentication operation; if the physical authentication is passed, executing the operation command; otherwise, ending the procedure. The apparatus of the physical authentication comprise: an operation corresponding relation module, a processor, a physical authentication module respectively connected to the processor, an operational calculation module and a data memory module.
Description
Technical field
The present invention relates to computer and field of communication security, relating in particular to is a kind of method and device of physical certifying.
Background technology
In any network trading environment, safety problem mainly is present in information source, the stay of two nights and channel, is present in server, network and client in other words.The fail safe of server at present can guarantee by adopting physics control, safety management, high-grade hardware platform and means such as operating system, system and the network security software and equipment.Safety of data transmission can be fine by solution of data encrypting and deciphering technology and effect based on cryptography method on the network.Client is meant the application program that is installed on the user's computer and relevant software and hardware running environment thereof, check owing to the uncontrollable user's computer of network management system and to it, and, it is to pass through network that client user under the network environment obtains service manner, replaced traditional face-to-face acquisition service manner, this change of method of service makes the client user change " netter " into by the natural person.Therefore, the legitimacy of the legitimacy of client " netter " identity and transaction just becomes the important means that guarantees client secure.
In the prior art, be to guarantee the safety of network trading, by client user's identity is carried out that the legitimacy authentication technology mainly contains based on the digital signature technology of smart card techniques, the password authentication technology that is similar to versabus key electronic installations such as (USB KEY), PKI (Public Key Infrastructure) system etc.These authentication modes can be realized the authentication to the legitimacy of transaction, also can be to a certain extent the legitimacy of user's identity be authenticated, but these authentication modes can not solve the binding issue between legal user and the electronic installation, promptly can not guarantee it is that legal user is being engaged in legal transaction.Such as, " wooden horse " program that resides in the subscriber computer can be by the running of monitoring client application, under the complete unwitting situation of legal user, obtain legal use password, and can start the legal digital signature of electronic installation generation, finish the online transaction process, so still there is big potential safety hazard in these authentication modes.
Summary of the invention
One of purpose of the present invention is to provide a kind of method of physical certifying, can be according to the employed key of different operational orders, come definite physical certifying mode that needs, realization is to the authentication of user's legal identity, thereby is that legal user is being engaged in legal transaction when guaranteeing network trading.
The method of this physical certifying comprises step:
S1, the corresponding relation of key, operational order and physical certifying mode is set in the device of physical certifying;
The device of S2, described physical certifying receives the operational order that client sends;
The device of S3, described physical certifying is according to the key identification that is comprised in the operational order, know the employed key of operational order, key in the device of key identification and physical certifying is corresponding one by one, according to the corresponding relation of described key, operational order and physical certifying mode, determine the pairing physical certifying mode of this operational order;
S4, user initiate physical certifying information according to described physical certifying mode to the device of described physical certifying, the device of described physical certifying receives physical certifying information, and whether more described physical certifying information is consistent with the corresponding physics authentication information of storage, if unanimity then physical certifying pass through, enter step S5, otherwise, process ends;
The device of S5, described physical certifying is carried out described operational order.
Wherein, described key is two or more, and the corresponding relation of described key, operational order and physical certifying mode constitutes two-dimensional operation control tabulation.
In step S2, described operational order comprises safe computing order or reading and writing data order.
In step S3, determine also to comprise the step that sends the physical certifying information to the user after the pairing physical certifying mode of operational order.
In step S4, described user initiates physical certifying information according to described physical certifying mode to the device of described physical certifying, the device of described physical certifying receives physical certifying information, and the corresponding physics authentication information of more described physical certifying information and storage whether consistent process is:
The user initiates physical certifying information to the physical certifying actuator of the device of described physical certifying;
Physical certifying actuator receives described physical certifying information, and whether more described physical certifying information is consistent with the corresponding physics authentication information of storage.
The advantage of the method for physical certifying of the present invention is: by the corresponding relation of key, operational order and physical certifying mode is set, according to the employed key of different operational orders, come definite physical certifying mode that needs, realization is to the authentication of user's legal identity, thereby it is legal not only concluding the business when guaranteeing network trading, and dealer's identity also is legal.
For in an equipment, using under the situation of a plurality of keys, adopt this method, can be according to the employed different keys of operational order, specify the physical certifying mode that needs respectively, realized the flexibility of many keys uses and the flexibility of physical certifying, made things convenient for and realized different physical certifyings when in an equipment, using different key easily.
Another object of the present invention is to provide a kind of device of physical certifying, can be according to the employed key of different operational orders, come definite physical certifying mode that needs, realization is to the authentication of user's legal identity, thereby is that legal user is being engaged in legal transaction when guaranteeing network trading.
The device of this physical certifying links to each other with client, and the device of this physical certifying comprises:
The corresponding relation module is controlled in operation, is provided with the corresponding relation of key, operational order and physical certifying mode;
Processing module, be used for receiving the operation instruction information that client sends by communication interface modules, according to the key identification that is comprised in the operational order, know the employed key of operational order, key identification is corresponding one by one with the key that operation is controlled in the corresponding relation module, according to described key, the corresponding relation of operational order and physical certifying mode, determine the pairing physical certifying mode of this operational order, and the authentication result of reception physical certifying module transmission, send the order of carrying out associative operation to the operation module, and receive the execution result that the operation mould is determined;
The physical certifying module links to each other with processing module, is used to receive the physical certifying information of user's input, and the physical certifying information of user's input and the physical certifying information of storage are compared, and draws authentication result, and authentication result is sent to processing module;
The operation module links to each other with processing module, is used for the executable operations instruction;
Data memory module links to each other with processing module, is used to preserve user data and application data;
Communication interface modules links to each other with processing module, is used for carrying out between processing module and the client information interaction.
Wherein, described operation control corresponding relation module comprises:
The list storage module is controlled in operation, stores the corresponding relation of key, operational order and physical certifying mode;
Operation control list query module, the request according to processing module sends sends query requests to operation control list storage module, and described Query Result is sent to processing module.
The physical certifying module comprises physical certifying actuator and authentication comparison module; Physical certifying actuator is used to receive the physical certifying information that the user imports, and described physical certifying information is sent to described authentication comparison module; Described authentication comparison module is used for the physical certifying information of user's input and the physical certifying information of storage are compared, and draws authentication result.
Described physical certifying module comprises biological characteristic recognition module or/and the operating characteristics identification module.
The device of this physical certifying also comprises the physical certifying operation indicating module that links to each other with processing module, is used to point out the user to carry out physical certifying on the physical certifying module.
The advantage of the device of physical certifying of the present invention is: by the corresponding relation of key, operational order and physical certifying mode is set in operation control corresponding relation module; The processing module query manipulation instructs employed key, according to the corresponding relation of described key, operational order and physical certifying mode, determines the pairing physical certifying mode of operational order; The physical certifying module, physical certifying operation the carrying out physical certifying that the user is initiated according to described physical certifying mode, realization is to the authentication of user's legal identity, be legal thereby not only conclude the business when guaranteeing network trading, and dealer's identity also is legal.
For in an equipment, using under the situation of a plurality of keys, adopt this device, can be according to the employed different keys of operational order, specify the physical certifying mode that needs respectively, realized the flexibility of many keys uses and the flexibility of physical certifying, made things convenient for and realized different physical certifyings when in an equipment, using different key easily.
Description of drawings
Fig. 1 is the structural representation of the device of physical certifying of the present invention;
Fig. 2 is the schematic flow sheet of the method for physical certifying of the present invention;
Fig. 3 is the schematic flow sheet of one embodiment of the invention;
Fig. 4 is for revising the schematic flow sheet that the present invention operates the control tabulation.
Embodiment
Below in conjunction with accompanying drawing the specific embodiment of the present invention is described.
By the corresponding relation of key, operational order and physical certifying mode is set; Query manipulation instructs employed key, according to the corresponding relation of described key, operational order and physical certifying mode, determines the pairing physical certifying mode of operational order; Physical certifying operation the carrying out physical certifying that the user initiates according to described physical certifying mode is realized the authentication to user's legal identity.For in an equipment, using under the situation of a plurality of keys, can specify the physical certifying mode that needs respectively according to the employed different keys of operational order, realized the flexibility of many keys uses and the flexibility of physical certifying.
See also the structure chart of the device of Fig. 1 physical certifying of the present invention.The device 300 of physical certifying of the present invention links to each other with client, and the device 300 of this physical certifying comprises:
Corresponding relation module 310 is controlled in operation, is provided with the corresponding relation of key, operational order and physical certifying mode;
Processing module 320, be used to receive the operation instruction information that client sends, inquire about the employed key of this operational order, corresponding relation according to described key, operational order and physical certifying mode, know the pairing physical certifying mode of this operational order, and receive the authentication result that physical certifying module 330 sends, send the order of carrying out associative operation to operation module 340, and receive the execution result of operation module;
Physical certifying module 330 links to each other with processing module, is used for physical certifying is carried out in the physical certifying operation that the user initiates according to described physical certifying mode, and authentication result is sent to processing module 320;
Operation module 340 links to each other with processing module 320, is used for the executable operations instruction;
Data memory module 350 links to each other with processing module 320, is used to preserve user data and application data.
Described operation control corresponding relation module 310 comprises:
Operation control list storage module 3101, link to each other with processing module, it can be firmware memory, as ROM, EPROM, EEPROM or nonvolatile memory (NAND FLASH), but be not limited to these memories, can be intelligent card chip also, be used to store the operation control tabulation of carrying out the safety certification operation;
Operation control list query module 3102 links to each other with processing module, and the request according to processing module 320 sends sends query requests to operation control list storage module 3101, and described Query Result is sent to processing module 320.
For guaranteeing communicating by letter of described processing module 320 and client, the device 300 of this physical certifying also comprises the communication interface modules 360 that links to each other with processing module 320, is used for carrying out between processing module 320 and the client information interaction.
Described communication interface modules 360 can be USB (universal serial bus) module, HSSI High-Speed Serial Interface module, parallel interface module or live wire (IEE1394) interface module etc.
Described physical certifying module 330 comprises physical certifying actuator 3301 and authentication comparison module 3302;
Described physical certifying actuator 3301, comprise fingerprint capturer, iris capturing device, key device, toggle switch device etc., link to each other with processing module, be used to receive the physical certifying information of user's input, and described physical certifying information is sent to described authentication comparison module;
Described authentication comparison module 3302 is used for the physical certifying information of user's input and the physical certifying information of storage are compared, and draws authentication result.
Described physical certifying module 330 comprises biological characteristic recognition module or/and the operating characteristics identification module.
For ease of reminding user's input authentication information, the device 300 of this physical certifying also comprises the physical certifying operation indicating module 370 that links to each other with processing module, is used to point out the user to carry out physical certifying on the physical certifying module.
Described physical certifying operation indicating module 370 comprises one of following content or combination:
Sound-producing device, light-emitting device, vibrating device.
Sound-producing device can be buzzer or voice device etc., and light-emitting device can be a light-emitting diode.
Described data memory module 350 links to each other with processing module, for EPROM, EEPROM, intelligent card chip, nonvolatile memory (NAND FLASH), hard disk or portable hard drive etc., is used for storaging user data and application data.In the device of the present invention, list query module 3102 is controlled in communication interface modules 360, operation control list storage module 3101, operation, operation module 340 can be partly or entirely in processing module, and physical certifying operation indicating module 370 also can be deleted according to the physical certifying operation indicating mode of describing in the operation control tabulation.
The following describes the embodiment of the method for a kind of physical certifying of the present invention.
In order to realize the binding between legal user and the physical certifying device, the operation control tabulation that the present invention proposes, as shown in table 1.
Table 1 operation control list structure
| Key identification | Operational order | The physical certifying operation | The valid function judgment rule | Biological characteristic comparison information memory location | The maximum delay stand-by period | Effective closing date | Physical certifying operation indicating pattern |
| 0x01 | Data encryption | Press button | Touch potential=N time (N 〉=1) | / | M millisecond (M 〉=1) | YY-MM-DD | Client |
| 0x01 | Data decryption | Stir position switch | The B point is pulled out from the A point in the position of the switch, pulls out the A point again | / | M millisecond (M 〉=1) | YY-MM-DD | Light flash |
| 0x02 | Digital signature | Fingerprint comparison | The comparison consistency | EF10 file in the intelligent card chip | M millisecond (M 〉=1) | YY-MM-DD | Auditory tone cues |
| 0x03 | Data decryption | Press button | Touch potential=N time (N 〉=1) | / | M millisecond (M 〉=1) | YY-MM-DD | Client |
| 0x04 | The read operation of SCSI regulation | Press button | Touch potential=N time (N 〉=1) | / | M millisecond (M 〉=1) | YY-MM-DD | Client |
| 0x05 | The write operation of SCSI regulation | Press button | Touch potential=N time (N 〉=1) | / | M millisecond (M 〉=1) | YY-MM-DD | Client |
Comprise key identification, operational order content and corresponding physical authentication mode in table 1, operational order comprises safe computing and reading and writing data.Safe operation content can be data encryption, data decryption, digital signature, digital digest etc.; The reading and writing data content can be the read/write operation of SCSI regulation etc.The physical certifying mode comprises operating characteristics identification authentication, living things feature recognition authentication or the combination of the two; Wherein, operating characteristics identification authentication comprises that button stirs position switch; The living things feature recognition authentication comprises fingerprint comparison, pupil comparison, the authentication of lip feature etc.
Also comprise physical certifying efficient in operation judgment rule in this table 1, such as touch potential etc.
Also comprise biological characteristic comparison information memory location in this table 1, as EF10 file in the intelligent card chip etc.
Also comprise maximum delay stand-by period or effective deadline in this table 1.
Illustrate the concrete application of table 1 below.
In effective time, when client requires the physical certifying device to use key 0x01 to finish the data encryption computing, the physical certifying device is only received 1 effective button operation of legal user in 500 milliseconds after, could carry out the operation of data cryptographic calculation, and operation result is returned client;
Similarly, in effective time, when client requires the physical certifying device to use key 0x01 to finish the data decryption computing, after the physical certifying device is only received in 500 milliseconds and is effectively stirred the position switch operation for 1 time of legal user, could carry out the operation of data decrypt operation, and operation result is returned client;
In effective time, when client requires the physical certifying device to use key 0x02 to finish the data signature computing, the physical certifying device is only finished fingerprint collecting and the contrast to legal user in 1000 milliseconds, and compare legal after, could carry out the data signature arithmetic operation, and operation result is returned client.
Table 1 only is the applicating example of operation control tabulation, and the corresponding relation that the physical certifying that to be not safe computing that the physical certifying device is realized provide with legal user is operated is defined in this.
As shown in table 1, when different keys carries out identical operations, its physical certifying mode can be different, the 0x01 key is different with the physical certifying mode that the 0x03 key is arranged when carrying out data decryption, also can set in actual applications when a key carries out data manipulation has specific physical certifying mode, and other key does not require physical certifying when carrying out identical data manipulation.Such as, when the dialing logon,, online takes place because relating to expense, can exert an influence to the user, so the login of this moment needs user's physical certifying, logining to determine validated user; And the login shopping website is when browsing commodity, and not relating to expense this moment takes place, less to the influence that the user produces, and is convenient user's login, and the physical certifying that do not need the user this moment carries out physical certifying again when doing shopping payment.
Figure 2 shows that the schematic flow sheet of the method for physical certifying of the present invention, be applicable to that client passes through the system of the device executable operations instruction of physical certifying, comprise step:
100, the corresponding relation of key, operational order and physical certifying mode is set in the device of physical certifying;
101, client transmit operation instruction; The device of described physical certifying receives the operational order that client sends;
102, the device of described physical certifying is determined the pairing physical certifying mode of this operational order; Detailed process is: the device query manipulation of physical certifying instructs employed key, according to the corresponding relation of described key, operational order and physical certifying mode, determines the pairing physical certifying mode of this operational order.
Query manipulation instructs the method for employed key to be: according to the key identification that is comprised in the operational order, know the employed key of operational order, key in the device of key identification and physical certifying is corresponding one by one, for example among the RSA private key signature instruction CLA INS P1 P2 Lc DATA Le, P1P2 represents the identifier of private key, can determine the key that needs use according to this identifier, thereby determine the corresponding physical authentication mode.
| Code | Length (byte) | Value (Hex) | Describe |
| CLA | ?1 | ?80 | Instruction code |
| INS | ?1 | ?C2 | Instruction code |
| P1P2 | ?2 | ?XXXX | The private key file identifier |
| Lc | ?1 | ?XX | The data length of signing |
| DATA | ?XX | ?XX...XX | The data that need signature |
| Le | ?1 | ?80 | The response data length of expectation |
103, the user initiates the physical certifying operation according to described physical certifying mode to physical certifying mechanism;
104, do you judge that described physical certifying passes through? if physical certifying passes through, enter step 105, otherwise, process ends;
105, the device of described physical certifying is carried out described operational order;
106, saving result withdraws from, process ends.
Described key is two or more, and the corresponding relation of described key, operational order and physical certifying mode constitutes two-dimensional operation control tabulation; In described operation control tabulation, key, operational order content and corresponding physical authentication mode are set.
Described operation control tabulation is two-dimensional table, the row of two-dimensional table correspond respectively to key, with corresponding operational order of key and physical certifying mode; The row of two-dimensional table corresponds respectively to different keys, with corresponding operational order of variant key and physical certifying mode.
In the described operation control tabulation, also comprise physical certifying efficient in operation judgment rule.
In the described operation control tabulation, also comprise maximum delay stand-by period or effective deadline of physical certifying operation.
In the step 101, described operational order comprises safe computing order or/and the reading and writing data order;
Described safe computing order comprises data encryption, data decryption, digital signature, digital digest;
Described reading and writing data order comprises the read write command of SCSI (Small Computer Systems Interface small computer system interface) regulation.
In the described step 102 and 103, described physical certifying mode comprises biological characteristic authentication or/and the operating characteristics authentication.
Described biological characteristic authentication comprises fingerprint characteristic authentication, the authentication of pupil feature or the authentication of lip feature.
Described operating characteristics authentication comprises the operation of button operation or toggle switch.
Described step 103 further may further comprise the steps:
1031, the user initiates physical certifying information to physical certifying actuator;
1032, physical certifying actuator receives described physical certifying information, and whether more described physical certifying information is consistent with the corresponding physics authentication information of storage, if consistent, enters step 1033, if inconsistent, enters step 1034;
1033, user's physical certifying passes through;
1034, refusing user's is passed through physical certifying.
For ease of reminding user's input authentication information, in the described step 102, also comprise the step that sends the physical certifying information to the user.
Described physical certifying information is auditory tone cues information, sense of touch information or visual cues information.
Safe operational order operating process below in conjunction with the device of concrete physical certifying illustrates the solution of the present invention.
Embodiment 1:
As shown in Figure 3, be the schematic flow sheet of embodiment 1, this flow chart has been demonstrated the process that the user uses the computing of the invention process safety, as seen from the figure, mainly may further comprise the steps:
S11, client send safe operational order to the device of physical certifying;
The device of S12, physical certifying is according to the employed cipher key lookup operation of safety operational order control tabulation;
Does the device of S13, physical certifying judge that this key has corresponding operation controlling recording? if, enter step S14, if not, enter step S17;
The device of S14, physical certifying is extracts physical authentication mode information from the operation controlling recording;
The device of S15, physical certifying returns to client with physical certifying information, and the Client-Prompt user carries out corresponding physical certifying;
Does the device of S16, physical certifying judge that physical certifying passes through? if, enter step S17, if not, enter step S19;
The device of S17, physical certifying is carried out safe operational order;
The device of S18, physical certifying returns operation result and gives client, finishes;
The device of S19, physical certifying returns error message and gives client, finishes.
In actual use, can make amendment to operation control tabulation as required, add or deletion, so that more flexibly physical certifying is controlled.Only make brief description below with regard to the process of retouching operation control tabulation.
Figure 4 shows that the schematic flow sheet of retouching operation control tabulation.
As seen from the figure, retouching operation control tabulation mainly may further comprise the steps:
S201, trusted servers generate and comprise the packet of specifying key, assigned operation instruction and specifying the physics authentication mode, and encrypt;
S202, trusted servers send to encrypted packets the device of physical certifying by special instruction;
The packet retouching operation control tabulation that the device deciphering of S203, physical certifying is received;
The device of S204, physical certifying generates response data packet, and encrypts;
The device of S205, physical certifying sends to trusted servers with encrypted packets by special instruction;
S206, trusted servers are received packet, judge whether and the packet that sends meets, and the trust state of the device of this physical certifying is set;
S207, retouching operation control end of list (EOL).
Claims (10)
1, a kind of method of physical certifying is characterized in that: comprise step:
S1, the corresponding relation of key, operational order and physical certifying mode is set in the device of physical certifying;
The device of S2, described physical certifying receives the operational order that client sends;
The device of S3, described physical certifying is according to the key identification that is comprised in the operational order, know the employed key of operational order, key in the device of key identification and physical certifying is corresponding one by one, according to the corresponding relation of described key, operational order and physical certifying mode, determine the pairing physical certifying mode of this operational order;
S4, user initiate physical certifying information according to described physical certifying mode to the device of described physical certifying, the device of described physical certifying receives physical certifying information, and whether more described physical certifying information is consistent with the corresponding physics authentication information of storage, if unanimity then physical certifying pass through, enter step S5, otherwise, process ends;
The device of S5, described physical certifying is carried out described operational order.
2, the method for physical certifying according to claim 1 is characterized in that: described key is two or more, and the corresponding relation of described key, operational order and physical certifying mode constitutes two-dimensional operation control tabulation.
3, the method for physical certifying according to claim 1 and 2 is characterized in that: in step S2, described operational order comprises safe computing order or reading and writing data order.
4, the method for physical certifying according to claim 1 is characterized in that: in step S3, determine also to comprise the step that sends the physical certifying information to the user after the pairing physical certifying mode of operational order.
5, the method for physical certifying according to claim 1, it is characterized in that: in step S4, described user initiates physical certifying information according to described physical certifying mode to the device of described physical certifying, the device of described physical certifying receives physical certifying information, and the corresponding physics authentication information of more described physical certifying information and storage whether consistent process is:
The user initiates physical certifying information to the physical certifying actuator of the device of described physical certifying;
Physical certifying actuator receives described physical certifying information, and whether more described physical certifying information is consistent with the corresponding physics authentication information of storage.
6, a kind of device of physical certifying links to each other with client, it is characterized in that: the device of this physical certifying comprises:
The corresponding relation module is controlled in operation, is provided with the corresponding relation of key, operational order and physical certifying mode;
Processing module, be used for receiving the operation instruction information that client sends by communication interface modules, according to the key identification that is comprised in the operational order, know the employed key of operational order, key identification is corresponding one by one with the key that operation is controlled in the corresponding relation module, according to described key, the corresponding relation of operational order and physical certifying mode, determine the pairing physical certifying mode of this operational order, and the authentication result of reception physical certifying module transmission, send the order of carrying out associative operation to the operation module, and receive the execution result of operation module;
The physical certifying module links to each other with processing module, is used to receive the physical certifying information of user's input, and the physical certifying information of user's input and the physical certifying information of storage are compared, and draws authentication result, and authentication result is sent to processing module;
The operation module links to each other with processing module, is used for the executable operations instruction;
Data memory module links to each other with processing module, is used to preserve user data and application data;
Communication interface modules links to each other with processing module, is used for carrying out between processing module and the client information interaction.
7, the device of physical certifying according to claim 6 is characterized in that: described operation control corresponding relation module comprises:
The list storage module is controlled in operation, stores the corresponding relation of key, operational order and physical certifying mode;
Operation control list query module, the request according to processing module sends sends query requests to operation control list storage module, and described Query Result is sent to processing module.
8, the device of physical certifying according to claim 6 is characterized in that: the physical certifying module comprises physical certifying actuator and authentication comparison module;
Physical certifying actuator is used to receive the physical certifying information that the user imports, and described physical certifying information is sent to described authentication comparison module;
Described authentication comparison module is used for the physical certifying information of user's input and the physical certifying information of storage are compared, and draws authentication result.
9, the device of physical certifying according to claim 6 is characterized in that: described physical certifying module comprises biological characteristic recognition module or/and the operating characteristics identification module.
10, the device of physical certifying according to claim 6 is characterized in that: also comprise the physical certifying operation indicating module that links to each other with processing module, be used to point out the user to carry out physical certifying on the physical certifying module.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2007101190709A CN100518063C (en) | 2007-06-19 | 2007-06-19 | Physical certifying method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2007101190709A CN100518063C (en) | 2007-06-19 | 2007-06-19 | Physical certifying method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101075876A CN101075876A (en) | 2007-11-21 |
| CN100518063C true CN100518063C (en) | 2009-07-22 |
Family
ID=38976710
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2007101190709A Active CN100518063C (en) | 2007-06-19 | 2007-06-19 | Physical certifying method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100518063C (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101867475B (en) * | 2010-05-27 | 2013-04-24 | 华为终端有限公司 | Access authentication method and related device of remote control terminal service and communication system |
| CN102173229B (en) * | 2011-01-07 | 2012-10-31 | 珠海天威技术开发有限公司 | Chip and authentication method thereof |
| CN102611551A (en) * | 2011-01-20 | 2012-07-25 | 深圳市文鼎创数据科技有限公司 | Physical authentication method, physical authentication device, and dynamic password token |
| CN102831335B (en) * | 2011-06-16 | 2015-08-05 | 中国科学院数据与通信保护研究教育中心 | A kind of method for security protection of Windows operating system and system |
| CN105450407A (en) * | 2014-07-31 | 2016-03-30 | 阿里巴巴集团控股有限公司 | Identity authentication method and device |
| US10089607B2 (en) * | 2014-09-02 | 2018-10-02 | Apple Inc. | Mobile merchant proximity solution for financial transactions |
| CN104217175B (en) * | 2014-09-05 | 2018-04-20 | 北京邮电大学 | A kind of data read-write method and device |
| CN105450418A (en) * | 2014-09-22 | 2016-03-30 | 中兴通讯股份有限公司 | IKE authentication method, IKE initiating terminal, IKE response terminal and IKE authentication system |
| CN104915606A (en) * | 2015-05-29 | 2015-09-16 | 努比亚技术有限公司 | File encryption and decryption methods and devices |
| US9832024B2 (en) | 2015-11-13 | 2017-11-28 | Visa International Service Association | Methods and systems for PKI-based authentication |
-
2007
- 2007-06-19 CN CNB2007101190709A patent/CN100518063C/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN101075876A (en) | 2007-11-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100518063C (en) | Physical certifying method and device | |
| EP3375161B1 (en) | Single sign-on identity management between local and remote systems | |
| CN106330850B (en) | Security verification method based on biological characteristics, client and server | |
| CN102648610B (en) | The strong authentication token used together with supplier can be independently applied with multiple | |
| EP2815535B1 (en) | Credential management system | |
| CN111464500B (en) | Method, device, equipment and storage medium for sharing protocol data | |
| CN102457507B (en) | Cloud computing resources secure sharing method, Apparatus and system | |
| US20160307194A1 (en) | System and method for point of sale payment data credentials management using out-of-band authentication | |
| CN111488596A (en) | Data processing permission verification method and device, electronic equipment and storage medium | |
| CN100542088C (en) | A kind of physical certifying method and a kind of electronic installation | |
| US20150242609A1 (en) | Universal Authenticator Across Web and Mobile | |
| CN109362074A (en) | The method of h5 and server-side safety communication in a kind of mixed mode APP | |
| CN112507320A (en) | Access control method, device, system, electronic equipment and storage medium | |
| CN114780923A (en) | Electronic seal management and control method and system | |
| CN101212301B (en) | Authentication device and method | |
| KR101792220B1 (en) | Method, mobile terminal, device and program for providing user authentication service of combining biometric authentication | |
| CN114760070A (en) | Digital certificate issuing method, digital certificate issuing center and readable storage medium | |
| US10666644B2 (en) | Enterprise key and password management system | |
| CN101931530B (en) | Generation method, authentication method and device for dynamic password and network system | |
| CN113763621A (en) | Access control authorization method, management client and system based on block chain | |
| JP6240102B2 (en) | Authentication system, authentication key management device, authentication key management method, and authentication key management program | |
| CN105072136A (en) | Method and system for security authentication between devices based on virtual drive | |
| EP3410331A1 (en) | A system and method for transferring data to an authentication device | |
| US20170373842A1 (en) | System and Method for Authenticating Public Artworks and Providing Associated Information | |
| CN112995160B (en) | Data decryption system and method, terminal, server and non-transient storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden Patentee after: BEIJING WATCHDATA Co.,Ltd. Address before: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden Patentee before: BEIJING WATCH DATA SYSTEM Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder | ||
| DD01 | Delivery of document by public notice | ||
| DD01 | Delivery of document by public notice |
Addressee: BEIJING WATCHDATA Co.,Ltd. Person in charge of patents Document name: payment instructions |
|
| DD01 | Delivery of document by public notice | ||
| DD01 | Delivery of document by public notice |
Addressee: BEIJING WATCHDATA Co.,Ltd. Person in charge of patents Document name: payment instructions |
|
| DD01 | Delivery of document by public notice | ||
| DD01 | Delivery of document by public notice |
Addressee: BEIJING WATCHDATA Co.,Ltd. Person in charge of patents Document name: Notice of Termination of Patent Rights |