CN101072100B - Authenticating system and method utilizing reliable platform module - Google Patents
Publication number: CN101072100B
Authority: CN (China)
Legal status: Active
Abstract
The authentication system comprises an application module, a TSP module, a TCS module, a TPM driver module and a TPM. It further comprises a biometric recognition device, connected to both the TPM and the TSP module, which captures the user's biometric, forms a user biometric feature code from it, and can also look up the matching user biometric feature code for a captured biometric. The TPM obtains the user biometric feature code and decides, based on the result of verifying that code, whether or not to execute a TPM operation. The invention brings biometric recognition into the TPM. Because a biometric feature code is unique, the system offers high security, and it is convenient because the user no longer needs to memorise the owner secret or the key's secret information.
Description
Technical field
The present invention relates to computer system security technology, and in particular to a technique for securely authenticating the users of a computer system.
Background technology
For security, existing computer systems (notebooks, desktops and so on) all authenticate the user at login; only when the authentication information supplied by the user matches the authentication information stored in the computer system is the user allowed to enter the system and operate it.
However, authentication information is today held entirely in the computer system's storage (for example its hard disk). Authentication information kept in such storage may be stolen or accessed without authorisation, including remotely, so that a user who has not passed authentication can still obtain it and thereby log into the computer system. At the same time, because the storage medium is general-purpose and open, authentication information kept in it is also easily attacked by viruses, Trojans and other malicious programs.
Because of the above problems, a number of solutions devoted to addressing them already exist, such as using a TPM (Trusted Platform Module). A TPM is independent of the operating system, runs on its own rather than under operating system control, and its internal firmware is fixed and cannot be altered; these properties partly address the problems above.
The structure of the existing TPM authentication module is shown in Figure 1 and comprises an application module 11, a TSP (TSS Service Provider) module 12, a TCS (TSS Core Service) module 15, a TPM driver module 16 and a TPM 17. TSS is the abbreviation of TPM Software Stack, a software specification that provides a standard API (Application Programming Interface) for accessing the functions of the TPM.
As shown in Figure 1, wherein:
However, current TPM authentication uses passwords: the user must remember a series of data such as user names and passwords, which is inconvenient, and a password typed at the keyboard is easily captured by keyboard-monitoring software, so system security still cannot be fully guaranteed.
A user, as a living organism, has many physiological characteristics that are unique, for example fingerprints and irises.
Summary of the invention
The object of the present invention is to provide an authentication system and authentication method using a Trusted Platform Module that introduce the user's own unique physiological characteristics into the existing TPM authentication system, so that it is secure and easy to use, solving the prior-art problems that the security authentication of a computer system cannot fully guarantee safe use and is inconvenient.
To achieve these objects, the invention provides an authentication system using a Trusted Platform Module, comprising an application module, a TSP module, a TCS module, a TPM driver module and a TPM, and further comprising:
a biometric recognition device, connected to the TSP module and to the TPM, for acquiring the user's biometric, forming a user biometric feature code from it, and also for finding the matching user biometric feature code for an acquired biometric;
the TPM, which obtains the user biometric feature code directly from the biometric recognition device and performs TPM operations according to the command of the TSP module and the user biometric feature code.
In the above system, when a command that needs to obtain authentication information is executed, the biometric recognition device acquires the first user biometric feature code and computes a first hash value from it; the TPM obtains the first user biometric feature code and the first hash value from the biometric recognition device and then executes the command that needs to obtain authentication information.
In the above system, when a command that needs to verify authentication information is executed, the biometric recognition device acquires the second user biometric feature code, compares it with its internally maintained list of user biometric feature codes and, on finding the matching feature code, computes a second hash value; the TPM obtains the second hash value, compares the first hash value with the second hash value and, when the two agree, executes the command that needs to verify authentication information.
In the above system, when a command that needs to obtain authentication information is executed, the biometric recognition device acquires the first user biometric feature code; the TPM obtains the first user biometric feature code from the biometric recognition device, computes the first hash value from it and then executes the command that needs to obtain authentication information.
In the above system, when a command that needs to verify authentication information is executed, the biometric recognition device acquires the second user biometric feature code, compares it with its internally maintained list of user biometric feature codes and finds the matching feature code; the TPM, after obtaining the matching feature code, computes the second hash value, compares the first hash value with the second hash value and, when the two agree, executes the command that needs to verify authentication information.
In the above system, the biometric recognition device and the TPM exchange information through general-purpose input/output signals.
In the above system, the biometric recognition device uses a random number to obtain the user biometric feature code; the random number is obtained by the TSP module through OIAP or OSAP and sent to the biometric recognition device.
In the above system, the user biometric includes but is not limited to fingerprint, iris, face, palm print and voice.
In the above system, the biometric recognition device is connected to the TSP module through a biometric recognition device driver module and obtains the user biometric feature code according to the command of the TSP module.
To better achieve the above object, the invention also provides an authentication method using a Trusted Platform Module, in which a biometric recognition device acquires the user's biometric and forms a user biometric feature code from it; the TPM obtains the user biometric feature code directly from the biometric recognition device and performs TPM operations according to the command of the TSP module and the user biometric feature code.
In the above method, when a command that needs to obtain authentication information is executed, the biometric recognition device acquires the first user biometric feature code and computes a first hash value from it; the TPM obtains the first user biometric feature code and the first hash value from the biometric recognition device and then executes the command that needs to obtain authentication information.
In the above method, when a command that needs to verify authentication information is executed, the biometric recognition device acquires the second user biometric feature code, compares it with its internally maintained list of user biometric feature codes and, on finding the matching feature code, computes a second hash value; the TPM obtains the second hash value, compares the first hash value with the second hash value and, when the two agree, executes the command that needs to verify authentication information.
In the above method, when a command that needs to obtain authentication information is executed, the biometric recognition device acquires the first user biometric feature code; the TPM obtains the first user biometric feature code from the biometric recognition device, computes the first hash value from it and then executes the command that needs to obtain authentication information.
In the above method, when a command that needs to verify authentication information is executed, the biometric recognition device acquires the second user biometric feature code, compares it with its internally maintained list of user biometric feature codes and finds the matching feature code; the TPM, after obtaining the matching feature code, computes the second hash value, compares the first hash value with the second hash value and, when the two agree, executes the command that needs to verify authentication information.
The authentication system and authentication method using a Trusted Platform Module of the present invention introduce biometric recognition into the TPM: a biometric recognition device obtains the user biometric feature code, and the TPM then performs the key-creation or encryption/decryption operation by means of that code. Because the biometric feature code is unique, and the TPM performs the corresponding operation only after the feature code has been verified, and because the TPM and the fingerprint device communicate directly so that the user biometric feature code never appears in host memory, and because the user no longer needs to type a password, keyboard-monitoring software has nothing to steal; the system is therefore secure. At the same time, the user does not need to remember the owner secret or the key's secret information, so it is easy to use.
Description of drawings
Fig. 1 is a schematic of the structure of the prior-art authentication system using a Trusted Platform Module;
Fig. 2 is a schematic of the structure of the authentication system using a Trusted Platform Module of the present invention;
Fig. 3 is a flow chart of the key-creation step in the authentication method implemented by the authentication system of the present invention;
Fig. 4 is a flow chart of the key-use step in the authentication method implemented by the authentication system of the present invention.
Embodiment
A first embodiment of the authentication system using a Trusted Platform Module of the present invention is shown in Figure 1 and comprises an application module 11, a TSP module 12, a biometric recognition device driver module 13, a biometric recognition device 14, a TCS module 15, a TPM driver module 16 and a TPM 17, wherein:
The biometric recognition device 14 is connected to the biometric recognition device driver module 13 and to the TPM 17. It acquires the user's biometric according to the command of the TSP module 12, forms the user biometric feature code from it, and maintains the correspondence between user biometric feature codes and public-key hash values. When a command that needs to obtain authentication information is executed (such as creating the owner, creating a key, encrypting data or updating an authorisation), the biometric recognition device acquires the first user biometric feature code and computes the first hash value; when an encryption or decryption operation is executed, it acquires the second user biometric feature code, compares it with the internally maintained user biometric feature codes, finds the matching feature code and computes the second hash value. The biometric recognition device exchanges information with the TPM 17 through GPIO (General-Purpose Input/Output) signals. The biometric recognition device 14 acquires the user's biometric in response to a random number; this random number is obtained by the TSP module 12 through an OIAP (object-independent authentication protocol) command or an OSAP (object-specific authentication protocol) command and is sent to the biometric recognition device 14 together with the fingerprint-scan command, instructing the biometric recognition device 14 to acquire the user's biometric;
Of course, the hash value can also be computed by the TPM, but the amount of data transferred is then larger (typically 256 to 1024 bytes).
The following takes a key as the example for further explanation.
The method of authentication implemented by the authentication system using a Trusted Platform Module of the present invention comprises a key-creation step and a key-use step.
As shown in Figure 3, the key-creation step in the authentication method implemented by the authentication system using a Trusted Platform Module of the present invention comprises the following steps:
Step 31: the TSP module receives the create-key command sent by the application module;
Step 32: the TSP module obtains a random number through the OIAP command, sends the random number to the biometric recognition device and instructs the biometric recognition device to acquire the user's biometric feature code;
Step 33: the biometric recognition device acquires the user's biometric and forms the first user biometric feature code; if the user is already known, the code is merged with the existing one;
Step 34: the TSP module sends the create-key command to the TPM; the TPM creates the key and obtains the first user biometric feature code from the biometric recognition device;
Step 35: the TPM computes the first hash value from the first user biometric feature code, packages and encrypts either the first user biometric feature code together with the key data or the first hash value together with the key data, and returns key-creation-success information to the TSP module;
Step 36: the TSP module returns the key-creation-success information to the application module.
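To make the two flows concrete, here is an added Python simulation (not code from the patent) of key-creation steps 31 to 36 above and of the key-use flow described in the summary, with the TPM computing the hash values itself (the variant of claim 2). Assumed details: feature codes are random 32-byte tokens, "matching" is a small L1 distance between integer samples, OIAP is reduced to handing out a session random number, and the TPM's sealing is a toy XOR with an SRK-derived keystream standing in for the real storage-key wrapping.

```python
import hashlib
import hmac
import secrets

MATCH_THRESHOLD = 6  # assumed: max L1 distance between two scans of one user


class BiometricDevice:
    """Enrolled feature codes plus the random-number -> code table of claim 1."""
    def __init__(self):
        self.enrolled = []   # (reference sample, feature code) per known user
        self.by_nonce = {}   # random number from the TSP -> feature code

    def _match(self, sample):
        for ref, code in self.enrolled:
            if sum(abs(a - b) for a, b in zip(ref, sample)) <= MATCH_THRESHOLD:
                return code
        return None

    def scan(self, nonce, sample, enroll):
        """Steps 32/33 (enroll=True) form the first code, merging if the user is
        known; the key-use path (enroll=False) only looks up a matching code."""
        code = self._match(sample)
        if code is None and enroll:
            code = secrets.token_bytes(32)   # fresh, unique feature code
            self.enrolled.append((tuple(sample), code))
        if code is not None:
            self.by_nonce[nonce] = code      # the TPM reads it under this nonce
        return code is not None

    def gpio_read(self, nonce):
        """Direct TPM <-> device link; the host software stack never sees this."""
        return self.by_nonce.pop(nonce, None)


class TPM:
    """TPM that hashes the feature code itself (the claim 2 variant)."""
    def __init__(self, device):
        self.device = device
        self.srk = secrets.token_bytes(32)   # stand-in for the storage root key
        self.sealed = {}                     # key handle -> (wrapped key, hash1)

    def oiap(self):
        """Object-independent authorization session; returns its random number."""
        return secrets.token_bytes(20)

    def _wrap(self, handle, data):
        # Toy sealing: XOR with a per-handle keystream derived from the SRK.
        stream = hashlib.sha256(self.srk + handle.to_bytes(4, "big")).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

    def create_key(self, nonce):
        """Steps 34/35: read the code over GPIO, hash it, seal the key with hash1."""
        code = self.device.gpio_read(nonce)
        if code is None:
            return None
        handle = len(self.sealed)
        h1 = hashlib.sha256(code).digest()
        self.sealed[handle] = (self._wrap(handle, secrets.token_bytes(32)), h1)
        return handle

    def use_key(self, nonce, handle, message):
        """Key use: hash2 must equal the sealed hash1 before the key is touched."""
        code = self.device.gpio_read(nonce)
        if code is None or handle not in self.sealed:
            return None
        wrapped, h1 = self.sealed[handle]
        if not hmac.compare_digest(h1, hashlib.sha256(code).digest()):
            return None
        key = self._wrap(handle, wrapped)   # unwrap (XOR is symmetric)
        return hmac.new(key, message, hashlib.sha256).hexdigest()


class TSP:
    """Host-side service provider; it handles only random numbers and handles."""
    def __init__(self, tpm, device):
        self.tpm, self.device, self.seen = tpm, device, []

    def _session(self, sample, enroll):
        nonce = self.tpm.oiap()              # step 32
        self.seen.append(nonce)              # everything host memory ever holds
        return nonce if self.device.scan(nonce, sample, enroll) else None

    def create_key(self, sample):
        nonce = self._session(sample, True)
        return None if nonce is None else self.tpm.create_key(nonce)   # step 34

    def use_key(self, handle, sample, message):
        nonce = self._session(sample, False)
        return None if nonce is None else self.tpm.use_key(nonce, handle, message)


def demo():
    """Constructed samples: two scans of user A (slightly different) and one of B."""
    device = BiometricDevice()
    tpm = TPM(device)
    tsp = TSP(tpm, device)
    handle = tsp.create_key((10, 20, 30, 40))
    granted = tsp.use_key(handle, (11, 19, 30, 41), b"payload") is not None
    denied = tsp.use_key(handle, (90, 5, 60, 12), b"payload") is None
    leaked = any(code in tsp.seen for _, code in device.enrolled)
    return handle, granted, denied, leaked
```

`demo()` returns `(0, True, True, False)`: the key is usable only when the second scan matches the enrolled user, a stranger's scan is refused inside the TPM, and the feature code never passes through the TSP.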
As shown in Figure 4, the key-use step in the authentication method implemented by the authentication system using a Trusted Platform Module of the present invention comprises the following steps:
The biometric in the above embodiments is a biometric unique to the user, such as fingerprint, iris, face, palm print or voice.
Also, the embodiments of the invention are described with a key as the example; the same applies to the owner, whose process is essentially identical to that for a key and is not repeated here.
The above is only a preferred implementation of the present invention. It should be pointed out that those skilled in the art can make further improvements and modifications without departing from the principle of the invention, and such improvements and modifications should also be regarded as within the scope of protection of the invention.
Claims (7)
1. An authentication system using a Trusted Platform Module, comprising an application module, a TSP module, a TCS module, a TPM driver module and a TPM, characterised in that it further comprises:
a biometric recognition device connected to the TSP module and to the TPM, for acquiring the user's biometric and forming a user biometric feature code from it;
the TPM obtains the user biometric feature code directly from the biometric recognition device and, in combination with the user biometric feature code, executes commands that need to obtain authentication information and commands that need to verify authentication information according to the command of the TSP module;
the biometric recognition device maintains a correspondence between a random number and the user biometric feature code; the random number is obtained by the TSP module through the object-independent authentication protocol or the object-specific authentication protocol and is sent to the biometric recognition device together with the fingerprint-scan command; the TPM sends the same random number to the biometric recognition device and obtains the biometric feature code corresponding to it;
when a command that needs to obtain authentication information is executed, the biometric recognition device acquires the first user biometric feature code and computes a first hash value from it; the TPM obtains the first user biometric feature code and the first hash value from the biometric recognition device and executes the command that needs to obtain authentication information;
when a command that needs to verify authentication information is executed, the biometric recognition device acquires the second user biometric feature code, compares it with its internally maintained list of user biometric feature codes and, on finding the matching feature code, computes a second hash value; the TPM obtains the second hash value, compares the first hash value with the second hash value and, when the two agree, executes the command that needs to verify authentication information.
2. The system according to claim 1, characterised in that the command that needs to obtain authentication information and the command that needs to verify authentication information are instead executed as follows:
when a command that needs to obtain authentication information is executed, the biometric recognition device acquires the first user biometric feature code; the TPM obtains the first user biometric feature code from the biometric recognition device, computes the first hash value from it and then executes the command that needs to obtain authentication information;
when a command that needs to verify authentication information is executed, the biometric recognition device acquires the second user biometric feature code, compares it with its internally maintained list of user biometric feature codes and finds the matching feature code; the TPM, after obtaining the matching feature code, computes the second hash value, compares the first hash value with the second hash value and, when the two agree, executes the command that needs to verify authentication information.
3. The system according to claim 1 or 2, characterised in that the biometric recognition device and the TPM exchange information through general-purpose input/output signals.
4. The system according to claim 1 or 2, characterised in that the user biometric includes but is not limited to fingerprint, iris, face, palm print and voice.
5. The system according to claim 1 or 2, characterised in that the biometric recognition device is connected to the TSP module through a biometric recognition device driver module and obtains the user biometric feature code according to the command of the TSP module.
6. An authentication method using a Trusted Platform Module, characterised in that a biometric recognition device acquires the user's biometric and forms a user biometric feature code from it; the TPM obtains the user biometric feature code directly from the biometric recognition device and, in combination with the user biometric feature code, executes commands that need to obtain authentication information and commands that need to verify authentication information according to the command of the TSP module;
when a command that needs to obtain authentication information is executed, the biometric recognition device acquires the first user biometric feature code and computes a first hash value from it; the TPM obtains the first user biometric feature code and the first hash value from the biometric recognition device and then executes the command that needs to obtain authentication information;
when a command that needs to verify authentication information is executed, the biometric recognition device acquires the second user biometric feature code, compares it with its internally maintained list of user biometric feature codes and, on finding the matching feature code, computes a second hash value; the TPM obtains the second hash value, compares the first hash value with the second hash value and, when the two agree, executes the command that needs to verify authentication information.
7. The method according to claim 6, characterised in that the command that needs to obtain authentication information and the command that needs to verify authentication information are instead executed as follows:
when a command that needs to obtain authentication information is executed, the biometric recognition device acquires the first user biometric feature code; the TPM obtains the first user biometric feature code from the biometric recognition device, computes the first hash value from it and then executes the command that needs to obtain authentication information;
when a command that needs to verify authentication information is executed, the biometric recognition device acquires the second user biometric feature code, compares it with its internally maintained list of user biometric feature codes and finds the matching feature code; the TPM, after obtaining the matching feature code, computes the second hash value, compares the first hash value with the second hash value and, when the two agree, executes the command that needs to verify authentication information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2006100802794A (CN101072100B) | 2006-05-12 | 2006-05-12 | Authenticating system and method utilizing reliable platform module |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101072100A | 2007-11-14 |
| CN101072100B | 2012-03-28 |