Obtain the method and system of user profile
Technical field
The present invention relates to information security field, particularly a kind of method and system that obtains user profile.
Background technology
In the prior art, identification authentication mode based on hardware device is a kind of convenience that grew up in recent years, safe, economic identity identifying technology, hardware device generally is built-in with single-chip microcomputer or intelligent card chip, can store user's key or digital certificate, utilize the built-in cryptographic algorithm of hardware device can realize authentication user identity.Usually hardware device adopts USB interface to link to each other with computer.The user must import correct authentication information, the data in just can obtaining and use a computer when utilizing hardware device to carry out authentication.The double strong factor certification mode of this one-time pad has solved the contradiction between fail safe and the ease for use well.
Information safety devices is a kind of small hardware device that has processor and memory, and it can be connected with computer by the data communication interface of computer.It has the key systematic function, but safe storage key, and can preset cryptographic algorithm, have functions such as E-mail enciphered, digital signature, safety certificate, secure network login and visit SSL (secure Sockets Layer, secure socket layer protocol layer) secure network.Information safety devices also has the feature that the private key that guarantees the user leaves hardware device never in addition, and the characteristic of attack protection physically, and fail safe is high, and information safety devices has been widely used in the data security field at present.
Each information safety devices all has unique hardware sequence number, and the user is when buying information safety devices, and the manufacturer can bind the unique hardware sequence number of user profile and information safety devices, and stores in the database together.When information safety devices was lost or damage, the manufacturer can obtain user profile and hardware sequence number from database after checking user's legal identity, produced an information safety devices identical with the original equipment function again and offered the user.Because the database self-capacity is big, the cost of complex management, construction and maintenance is all very high, in case and database make a mistake, just can't obtain user profile, can not regenerate same information safety devices again, can bring great loss to the user.
One-way Hash algorithm is a kind of message digest algorithm, and it can produce a unique one-way Hash algorithm value to expressly carrying out computing.One-way Hash algorithm is irreversible algorithm, can't be from the anti-original value of releasing of operation result, and it is technical that it is widely used in encryption and decryption, for example, MD5 (Message Digest Algorithm5, Message Digest 5), SHA (Secure HashAlgorithm, Secure Hash Algorithm) etc.
Summary of the invention
In order to solve in the prior art when information safety devices is lost or damage, obtain the problem that administers and maintains that user profile depends on database, the invention provides a kind of method of obtaining user profile, specifically may further comprise the steps:
When information of registered users, carry out following steps:
Steps A: information safety devices is with after computer is connected, and described computer reads the hwid of described information safety devices;
Step B: described computer obtains the log-in password and the user profile of user's input, and the described log-in password of union generates registration code, described registration code, user profile and hwid is associated together preserves;
When obtaining described user profile, carry out following steps:
Step C: described computer judges whether to read the hwid of information safety devices,
If can read the hwid of information safety devices, then described computer reads the hwid of described information safety devices, and search and whether preserve in the described computer and the corresponding to hwid of this hwid, if find, then obtain described user profile;
If can not read the hwid of information safety devices, then obtain the user password of user's input, whether the described user password of union generates input code, search and preserve in the described computer and the corresponding to registration code of this input code, if find, then obtain described user profile.
Described registration code generates for utilizing one-way Hash algorithm that described log-in password is carried out computing; Described input code generates for utilizing one-way Hash algorithm that described user password is carried out computing.
Described one-way Hash algorithm is MD5 or SHA.
Described user profile is one or more in production number, guarantee number, subscriber data, product type and the information safety devices data.
The present invention also provides a kind of system that obtains user profile, and described system comprises:
Registering modules is used for when information of registered users information safety devices being connected with computer, reads the hwid of described information safety devices; Obtain the log-in password and the user profile of user's input, the described log-in password of union generates registration code, described registration code, user profile and hwid is associated together preserves then;
Acquisition module, be used for when obtaining described user profile, judge whether to read the hwid of information safety devices, if can read the hwid of information safety devices, then read the hwid of described information safety devices, search and whether preserve in the described computer and the corresponding to hwid of this hwid,, then obtain described user profile if find; If can not read the hwid of information safety devices, then obtain the user password of described user's input, whether the described user password of union generates input code, search and preserve in the described computer and the corresponding to registration code of this input code, if find, then obtain described user profile.
Described registration code generates for utilizing one-way Hash algorithm that described log-in password is carried out computing; Described input code generates for utilizing one-way Hash algorithm that described user password is carried out computing.
Described one-way Hash algorithm is MD5 or SHA.
The invention has the beneficial effects as follows:
The registration code that makes the hwid of preserving user profile, information safety devices in the computer and utilize log-in password to generate by registered in advance; When computer can read the hwid of information safety devices, can obtain user profile by from the hwid that prestores, finding with the corresponding to hwid of the hwid of current information safety means; When computer can not read the hwid of information safety devices, can obtain user profile by the corresponding to registration code of input code that from the registration code that prestores, finds and utilize user password to generate, thereby avoided from database, obtaining user profile, reduced the cost that administers and maintains.
Description of drawings
Fig. 1 is the method flow diagram that the embodiment of the invention one is obtained user profile;
Fig. 2 is the system construction drawing that the embodiment of the invention two is obtained user profile.
Embodiment
The invention will be further described below in conjunction with the drawings and specific embodiments, but the present invention is not limited to the following examples.
Embodiment one
Referring to Fig. 1, the embodiment of the invention provides a kind of method of obtaining user profile, specifically may further comprise the steps:
When user's information of registered users, carry out the step of following registration:
Step 101: the user links to each other information safety devices with computer;
Step 102: computer reads the hwid of information safety devices, and the prompting user imports log-in password and user profile;
Step 103: the user imports log-in password and user profile, and user profile is one or more in production number, guarantee number, subscriber data, product type and the information safety devices data.
Step 104: computer utilizes the log-in password of MD5 algorithm computing user input, generates registration code, and the user profile that this registration code and user are imported and the hwid that reads associate, and is stored in then in the computer; Association realizes by data structure, array, listed files or file Hash table.
When the user need obtain user profile, the step of carrying out following checking and obtaining:
Step 105: computer judges whether to read the hwid of information safety devices, if can read the hwid of information safety devices, it is very slight that the information safety devices that the user then is described is not lost degree excellent or that damage, execution in step 106; If can not read the hwid of information safety devices, the information safety devices that the user then is described lose or the degree damaged very serious, then execution in step 113;
Step 106: computer reads the hwid of information safety devices;
Step 107: whether in the hwid in computer stored have with current hwid consistent identifier, if having, then execution in step 108 if searching; Otherwise execution in step 112;
Step 108: the computer prompted user imports PIN code;
Step 109: the user imports PIN code to computer;
Step 110: computer judges whether the PIN code of user's input is correct, if correct, then execution in step 111, otherwise execution in step 112;
Step 111: the user obtains the user profile in the computer by checking, finishes then;
Step 112: the computer prompted error message, and finish;
Step 113: the user imports user password;
Step 114: computer utilizes the MD5 algorithm that user password is carried out computing, produces input code;
Step 115: whether in the registration code in computer stored have with the input code of current generation consistent registration code, if having, then execution in step 116 if searching; Otherwise execution in step 117;
Step 116: the user obtains the user profile in the computer by checking;
Step 117: computer prompted error message.
MD5 one-way Hash algorithm in the present embodiment can be replaced by the SHA algorithm.
Embodiment two
Referring to Fig. 2, the embodiment of the invention also provides a kind of system that obtains user profile, specifically comprises:
(1) Registering modules is used for when information of registered users information safety devices being connected with computer, reads the hwid of information safety devices; Obtain the log-in password and the user profile of user's input, the union log-in password generates registration code, registration code, user profile and hwid is associated together preserves then;
(2) acquisition module, be used for when obtaining user profile, judge whether to read the hwid of information safety devices, if can read the hwid of information safety devices, then read the hwid of information safety devices, search and whether preserve in the computer and the corresponding to hwid of this hwid,, then obtain user profile if find; If can not read the hwid of information safety devices, then obtain the user password of user's input, whether the computing user password generates input code, search and preserve in the computer and the corresponding to registration code of this input code, if find, then obtains user profile.
Above-mentioned registration code generates for utilizing one-way Hash algorithm that log-in password is carried out computing, and above-mentioned input code generates for utilizing one-way Hash algorithm that user password is carried out computing.
Above-mentioned one-way Hash algorithm is MD5 or SHA.
Above-mentioned association realizes by data structure, array, listed files or file Hash table.
Above-mentioned user profile is one or more in production number, guarantee number, subscriber data, product type and the information safety devices data.
Above-described embodiment is a more preferably embodiment of the present invention, and common variation that those skilled in the art carries out in the technical solution of the present invention scope and replacement all should be included in protection scope of the present invention.