CN101552676B - Host module legitimacy verification method, system and device using a card module - Google Patents

Publication number: CN101552676B
Authority: CN (China)
Prior art keywords: module, host, identification information, server, server end
Legal status: Expired - Fee Related
Application number: CN 200910140407
Other languages: Chinese (zh)
Other versions: CN101552676A (en)
Inventors: 张利明, 周夏衍, 闻波
Current Assignee: Alibaba Group Holding Ltd
Original Assignee: Alibaba Group Holding Ltd
Application filed by: Alibaba Group Holding Ltd
Priority to: CN 200910140407; HK10103336.5A (HK1135535A1)
Publications: CN101552676A, CN101552676B

Abstract

An embodiment of the invention discloses a method for verifying the legitimacy of a host module using a card module, comprising the following steps: a server generates identity information for the host module and sends the identity information to the host module; the host module sends a load request carrying the identity information to the card module; on receiving the load request, the card module sends a verification request carrying the identity information to the server; the server verifies the legitimacy of the host module using the identity information and returns the verification result to the card module. The embodiment of the invention also discloses a system and a device for verifying host module legitimacy using the card module. With this method, system and device, the card module can verify the legitimacy of the host module, and the implementation complexity of the card module is lower.

Description

Method, system and device for a card module to verify the legitimacy of a host module
Technical field
The present application relates to the field of data security, and in particular to a method, system and device for a card module to verify the legitimacy of a host module.
Background art
A host module on a client often needs to load card modules. A host module is a carrier that defines the access specification for plug-ins and in which plug-ins run; a card module (plug-in) is a function or service module that can run on the host module and is not an essential function of the host module itself.
To prevent an illegitimate or disguised host module from loading a card module, the card module needs to verify the legitimacy of the host module before loading. There are two main verification methods:
The first uses a symmetric algorithm.
For example, the host module and the card module agree on a plaintext. The host module encrypts this plaintext; the card module decrypts the ciphertext produced by the host module and compares the decrypted data with the agreed plaintext. If the two are consistent, verification passes; otherwise, verification fails.
The second uses an asymmetric algorithm.
For example, the host module generates a key pair, of which the public key is published with a certificate and the private key is kept secret. The host module uses its own private key to encrypt a plaintext that is provided by the card module or agreed in advance, and then sends the resulting ciphertext to the card module. If the card module can successfully decrypt the ciphertext sent by the host module using the public key published by the host module, verification of the host module succeeds; otherwise, verification of the host module fails.
In the course of realizing the present application, the inventors found the following technical problem in the prior art:
In both of the above methods for a card module to verify a host module, the verification itself is carried out on the client. The client has to perform complex computation, and the card module also has to perform key value calculation, decryption or similar operations, so the implementation complexity is high.
Summary of the invention
Embodiments of the present application provide a method, system and device for verifying the legitimacy of a host module, to reduce the implementation complexity of the plug-in when the plug-in verifies the legitimacy of the host module.
An embodiment of the present application provides a method for a card module to verify the legitimacy of a host module, the method comprising:
the server generates identification information for the host module and sends this identification information to the host module;
the host module sends a load request carrying the identification information to the card module, and after receiving the load request, the card module sends a verification request carrying the identification information to the server;
after receiving the verification request, the server uses the identification information to verify the legitimacy of the host module and returns the verification result to the card module.
An embodiment of the present application provides a system for a card module to verify the legitimacy of a host module, the system comprising:
a server, configured to generate identification information for the host module and send this identification information to the host module, and, after receiving the verification request sent by the card module, to verify the legitimacy of the host module using the identification information carried in the verification request and return the verification result to the card module;
a host module, configured to send a load request to the card module, the load request carrying the identification information sent by the server;
a card module, configured to send a verification request to the server after receiving the load request, the verification request carrying the identification information carried in the load request.
An embodiment of the present application provides a server, the server comprising:
an identifier generation unit, configured to generate identification information for the host module;
an identifier sending unit, configured to send the identification information to the host module;
a legitimacy verification unit, configured to verify the legitimacy of the host module, after receiving the verification request sent by the card module, using the identification information carried in the verification request, and to return the verification result to the card module.
An embodiment of the present application provides a card module, the card module comprising:
a load request receiving unit, configured to receive the load request sent by the host module, the load request carrying the identification information of the host module; the host module is a carrier that defines the access specification for plug-ins and in which plug-ins run; the identification information is generated by the server and sent to the host module;
a verification request sending unit, configured to send a verification request to the server, the verification request carrying the identification information;
a module configured to receive the verification result returned by the server.
In the present application, the server generates identification information for the host module and issues it to the host module. When the host module needs to load the card module, it sends the identification information to the card module in the load request. The card module sends the identification information from the load request to the server; the server verifies the host module according to the identification information it receives and returns the verification result to the card module. The card module's verification of the legitimacy of the host module is thus carried out through the server; the card module does not need to perform complex operations such as key value calculation or decryption, and the implementation complexity is lower.
Description of drawings
Fig. 1 is a flow diagram of the method provided by an embodiment of the present application;
Fig. 2 is a structural diagram of the system provided by an embodiment of the present application;
Fig. 3 is a structural diagram of the server provided by an embodiment of the present application;
Fig. 4 is a structural diagram of the host module provided by an embodiment of the present application;
Fig. 5 is a structural diagram of the card module provided by an embodiment of the present application;
Fig. 6 is a flow diagram of an embodiment of the present application based on the system shown in Fig. 2.
Detailed description of the embodiments
To reduce the implementation complexity of the plug-in when it verifies the legitimacy of the host module, an embodiment of the present application provides a method for a card module to verify the legitimacy of a host module. In this method, the server generates identification information for the host module and issues it to the host module. When the host module needs to load the card module, it sends the identification information to the card module in the load request. The card module sends the identification information from the load request to the server; the server verifies the host module according to the identification information it receives and returns the verification result to the card module; and the card module decides, according to the verification result it receives, whether to agree to the load operation of the host module.
In the present application, a host module is a carrier that defines the access specification for plug-ins and in which plug-ins run, for example instant messaging software. A card module is a function or service module that can run on the host module and is not an essential function of the host module itself, for example a security patch module for instant messaging software.
Referring to Fig. 1, the method for a card module to verify the legitimacy of a host module provided by an embodiment of the present application comprises the following steps:
Step 10: the server generates identification information for the host module and sends this identification information to the host module;
Step 11: the host module sends a load request to the card module, the load request carrying the identification information sent by the server;
Step 12: after receiving the load request sent by the host module, the card module sends a verification request to the server, the verification request carrying the identification information carried in the load request;
Step 13: after receiving the verification request sent by the card module, the server uses the identification information carried in the verification request to verify the legitimacy of the host module and returns the verification result to the card module.
In step 10, identification information means data that can be used to identify the host module. The server can be triggered to generate the identification information of the host module in several ways, for example the following two:
First: when the user logs in to the host module and enters account information, the host module sends this account information to the server. The server authenticates the user according to the account information it receives and, after the user's authentication passes, generates the identification information of the host module. This approach relies on the login system of the host module to establish the legitimacy of the host module. In general, the login system of a legitimate host module is difficult to counterfeit or bypass, and a user can log in to the server only through the login system of a legitimate host module. Generating identification information for the host module only after the user's authentication has passed therefore gives higher security and is also simpler to implement.
Second: the user of the host module registers with the server, supplying related data that can prove the host module is legitimate (for example, the serial number of the host module); after the server confirms from the related data that the host module is legitimate, it generates identification information for the host module. Alternatively, after the host module is installed on the client, the client proactively sends the server the related data that can prove the host module is legitimate; after the server confirms from the related data that the host module is legitimate, it generates identification information for the host module.
In step 10, the identification information of the host module generated by the server may be, but is not limited to, either of the following: a virtual identity identifier, or the hash value of a virtual identity identifier. A virtual identity identifier is a piece of data generated randomly or according to some rule; it need only differ from every virtual identity identifier generated and saved before it, so that each virtual identity identifier saved by the server is unique.
The hash value of the virtual identity identifier is computed with a hashing algorithm, which may be any one-way, irreversible algorithm. With such an algorithm the hash value of the original data can be computed, but the original data corresponding to a hash value cannot be computed from it. One-way irreversible algorithms include SHA1, MD5 and others.
When the identification information is the virtual identity identifier, the server can verify the legitimacy of the host module from the virtual identity identifier carried in the verification request in either of the following two ways:
First: the server searches all the virtual identity identifiers it has saved for the one carried in the verification request. If it is found, legitimacy verification of the host module passes; otherwise, legitimacy verification of the host module fails.
Second: after generating the virtual identity identifier of the host module, the server saves the correspondence between this virtual identity identifier and the physical identity identifier of the client on which the host module and the card module reside. The verification request that the card module sends to the server also carries the physical identity identifier of this client. After receiving the verification request, the server determines whether it has saved a correspondence between the virtual identity identifier and the physical identity identifier carried in the verification request. If so, legitimacy verification of the host module passes; otherwise, legitimacy verification of the host module fails.
When the identification information is the hash value of the virtual identity identifier, the server can likewise verify the legitimacy of the host module from the hash value carried in the verification request in either of the following two ways:
First: the server uses the hashing algorithm to compute the hash value of each virtual identity identifier it has saved, and determines whether the hash value carried in the verification request is among the computed hash values. If so, legitimacy verification of the host module passes; otherwise, legitimacy verification of the host module fails.
Second: the server saves the correspondence between each generated virtual identity identifier and the physical identity identifier of the client on which the host module and the card module reside. The verification request that the card module sends to the server also carries the physical identity identifier of this client. After receiving the verification request, the server searches the saved correspondences between virtual identity identifiers and physical identity identifiers for the physical identity identifier carried in the verification request. If it is not found, legitimacy verification of the host module fails. If it is found, the server computes, with the hashing algorithm, the hash value of the virtual identity identifier corresponding to the physical identity identifier found, and compares the computed hash value with the hash value carried in the verification request. If they are consistent, legitimacy verification of the host module passes; otherwise, legitimacy verification of the host module fails.
Using the hash value of the virtual identity identifier as the identification information of the host module is more secure than using the virtual identity identifier directly: the server can adjust how the hash value is computed to guard against theft of the hash value, whereas a static virtual identity identifier is more easily stolen than its hash value.
The physical identity identifier of the client may be any data that uniquely identifies the client, such as the client's MAC address, hard disk serial number or CPU serial number. It may also be the combination of such data with the account information entered by the user, for example the combination of the MAC address and the user name. In that case the host module also needs to provide the account information entered by the user to the card module.
When the physical identity identifier is the combination of data that uniquely identifies the client and the account information entered by the user, then even if several users log in to the same host module, the correspondences between virtual identity identifiers and physical identity identifiers saved by the server will not contain a many-to-one relationship, that is, several different virtual identity identifiers will not correspond to the same physical identity identifier. When the server uses the second verification method described above for the case where the identification information is the hash value of the virtual identity identifier, it therefore needs to compute the hash value of only one virtual identity identifier rather than several, which effectively reduces the server's workload and improves verification efficiency. In addition, because the user's account information is introduced, even if an illegitimate host module has stolen the virtual identity identifier, or the hash value of the virtual identity identifier, that the server issued to a legitimate host module, it cannot pass the server's legitimacy verification unless it has also stolen the user's account information. Using the combination of data that uniquely identifies the client and the account information entered by the user as the physical identity identifier thus effectively improves the security of this scheme.
Preferably, the server sets an expiry time for each saved correspondence between a virtual identity identifier and a physical identity identifier, and periodically checks against this expiry time whether each correspondence has expired; if so, the expired correspondence is deleted. This saves storage on the server and effectively shortens processing time when the server verifies the legitimacy of the host module against the saved correspondences.
In the present application, the identification information of the host module generated by the server is not limited to the virtual identity identifier and its hash value described above; it may be any data that can be used to identify the host module. Likewise, the way the server verifies the legitimacy of the host module from the identification information is not limited to the four methods mentioned above. The server may verify legitimacy according to any verification policy configured in advance; which method is used for legitimacy verification does not affect the realization of the object of the present application.
One concrete application example of the method is its use in MSN. The instant messaging server generates identification information for the host module and sends this identification information to the host module. The host module sends a load request carrying the identification information to the card module. The card module extracts the identification information of the host module from the load request and sends a verification request carrying the identification information to the instant messaging server. After receiving the verification request sent by the card module, the instant messaging server uses the identification information carried in the verification request to verify the legitimacy of the host module and returns the verification result to the card module.
Referring to Fig. 2, an embodiment of the present application also provides a system for a card module to verify the legitimacy of a host module, the system comprising:
Server 20, configured to generate identification information for the host module and send this identification information to the host module, and, after receiving the verification request sent by the card module, to verify the legitimacy of the host module using the identification information carried in the verification request and return the verification result to the card module;
Host module 21, configured to send a load request to the card module, the load request carrying the identification information sent by the server;
Card module 22, configured to send a verification request to the server after receiving the load request, the verification request carrying the identification information carried in the load request.
The host module 21 is further configured to:
send to the server the account information entered when the user logs in to this host module.
The server 20 is further configured to: authenticate the user according to the account information, and generate the identification information of the host module after the user's authentication passes.
The server 20 is configured to: generate and save a virtual identity identifier, compute the hash value of the virtual identity identifier with a hashing algorithm, and use the computed hash value as the identification information of the host module.
The card module 22 is further configured to carry the physical identity identifier of the client in the verification request. Correspondingly, the server 20 is further configured to: save the correspondence between the generated virtual identity identifier and the physical identity identifier of the client; after receiving the verification request, search the saved correspondences between virtual identity identifiers and physical identity identifiers for the physical identity identifier carried in the verification request; if it is not found, legitimacy verification of the host module fails; if it is found, compute with the hashing algorithm the hash value of the virtual identity identifier corresponding to the physical identity identifier found, and compare the computed hash value with the hash value carried in the verification request; if they are consistent, legitimacy verification of the host module passes; otherwise, legitimacy verification of the host module fails.
The server 20 is further configured to:
periodically check whether each saved correspondence between a virtual identity identifier and a physical identity identifier has expired and, if so, delete the expired correspondence.
Referring to Fig. 3, an embodiment of the present application also provides a server that can be used in the system for a card module to verify the legitimacy of a host module, the server comprising:
Identifier generation unit 30, configured to generate identification information for the host module;
Identifier sending unit 31, configured to send the identification information to the host module;
Legitimacy verification unit 32, configured to verify the legitimacy of the host module, after receiving the verification request sent by the card module, using the identification information carried in the verification request, and to return the verification result to the card module.
The server further comprises:
Identity authentication unit 33, configured to receive the account information, sent by the host module, that the user entered when logging in to this host module, and to authenticate the user according to the account information.
The identifier generation unit 30 is configured to generate the identification information of the host module after the user's authentication passes.
The identifier generation unit 30 comprises:
a logical identifier unit, configured to generate and save a virtual identity identifier;
a hash value unit, configured to compute the hash value of the virtual identity identifier with a hashing algorithm and to use the computed hash value as the identification information of the host module.
The server further comprises:
Saving unit 34, configured to save the correspondence between the virtual identity identifier generated by the logical identifier unit and the physical identity identifier of the client on which the host module resides.
The legitimacy verification unit 32 is configured to:
after receiving the verification request, search the saved correspondences between virtual identity identifiers and physical identity identifiers for the physical identity identifier carried in the verification request; if it is not found, legitimacy verification of the host module fails; if it is found, compute with the hashing algorithm the hash value of the virtual identity identifier corresponding to the physical identity identifier found, and compare the computed hash value with the hash value carried in the verification request; if they are consistent, legitimacy verification of the host module passes; otherwise, legitimacy verification of the host module fails.
The server further comprises:
Expiry checking unit 35, configured to periodically check whether each correspondence between a virtual identity identifier and a physical identity identifier saved in the saving unit has expired and, if so, to delete the expired correspondence.
Referring to Fig. 4, an embodiment of the present application also provides a host module that can be used in the system for a card module to verify the legitimacy of a host module, the host module comprising:
Identifier receiving unit 40, configured to receive the identification information of the host module sent by the server;
Load request sending unit 41, configured to send a load request to the card module, the load request carrying the identification information.
The host module further comprises:
Login information sending unit 42, configured to send the account information to the server after the user logs in to the host module and enters the account information.
Referring to Fig. 5, an embodiment of the present application also provides a card module that can be used in the system for a card module to verify the legitimacy of a host module, the card module comprising:
Load request receiving unit 50, configured to receive the load request sent by the host module, the load request carrying the identification information of the host module;
Verification request sending unit 51, configured to send a verification request to the server, the verification request carrying the identification information.
The card module further comprises:
Identifier loading unit 52, configured to obtain the physical identity identifier of the client and carry this physical identity identifier in the verification request.
It should be noted that explanations given for the method in the present application but not repeated for the system, server, host module or card module apply equally to the system, server, host module and card module, for example the definition of each identifier and the ways of generating it; they are not repeated here.
The flow by which the card module verifies the legitimacy of the host module is described below with reference to the system shown in Fig. 2. As shown in Fig. 6:
Step S01: the user logs in to the host module on the client and enters a user name and password;
Step S02: the host module sends the entered user name and password to the server;
Step S03: the server authenticates the user according to the user name and password it receives;
Step S04: after authentication passes, the server generates the virtual identity identifier (clientID) of the host module, saves the correspondence between the generated clientID and the MAC address of the client in step S01, and uses the hashing algorithm to compute the hash value (clientIDToken) of the generated clientID;
Step S05: the computed clientIDToken is sent to the host module on the client;
Step S06: the host module sends the received clientIDToken to the card module in the load request;
Step S07: the card module sends the clientIDToken from the load request, together with the MAC address of the client, to the server in the verification request;
Step S08: the server searches the saved correspondences between clientID and MAC address for the MAC address carried in the verification request;
Step S09: determine whether it was found; if found, execute step S10; otherwise, execute step S15;
Step S10: use the hashing algorithm to compute the hash value of the clientID corresponding to the MAC address found, and compare the computed hash value with the hash value carried in the verification request;
Step S11: determine whether the comparison shows that the computed hash value is consistent with the hash value carried in the verification request; if so, go to step S12; otherwise, go to step S15;
Step S12: send the card module a notification that verification of the legitimacy of the host module has passed;
Step S13: the card module sends the host module a notification that it agrees to loading;
Step S14: the host module performs the operation of loading the card module, and the flow ends;
Step S15: send the card module a notification that verification of the legitimacy of the host module has failed;
Step S16: the card module sends the host module a notification that it refuses loading, and the flow ends.
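The Fig. 6 flow (steps S01 to S16), together with the expiry check on saved correspondences, as a runnable sketch; it is an added illustration, not code from the patent. The class and method names, the use of SHA-256 (the description names SHA1 and MD5), the 60-second lifetime and every account and MAC value are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets
import time


def token_for(client_id):
    """clientIDToken: one-way hash of clientID (SHA-256 is this example's choice)."""
    return hashlib.sha256(client_id.encode()).hexdigest()


class Server:
    def __init__(self, accounts, ttl_seconds=3600, clock=time.time):
        self.accounts = accounts   # username -> password, constructed sample data
        self.ttl = ttl_seconds     # lifetime of one clientID<->MAC correspondence
        self.clock = clock
        self.by_mac = {}           # MAC -> (clientID, expiry timestamp)

    def login(self, username, password, mac):
        """S03-S05: authenticate the user, then issue a token for the host module."""
        known = self.accounts.get(username)
        if known is None or not hmac.compare_digest(known.encode(), password.encode()):
            return None
        client_id = secrets.token_hex(16)
        while any(cid == client_id for cid, _ in self.by_mac.values()):
            client_id = secrets.token_hex(16)   # must differ from saved clientIDs
        self.by_mac[mac] = (client_id, self.clock() + self.ttl)
        return token_for(client_id)

    def purge_expired(self):
        """Delete correspondences whose expiry time has passed."""
        now = self.clock()
        for mac in [m for m, (_, exp) in self.by_mac.items() if exp <= now]:
            del self.by_mac[mac]

    def verify(self, token, mac):
        """S08-S11: find the MAC, hash the stored clientID, compare with the token."""
        self.purge_expired()
        entry = self.by_mac.get(mac)
        if entry is None:
            return False                                   # S09 -> S15
        expected = token_for(entry[0])                     # S10
        return hmac.compare_digest(expected.encode(), token.encode())  # S11


class Plugin:
    """Card module: no key handling or decryption, it forwards and obeys the verdict."""
    def __init__(self, server, local_mac):
        self.server, self.local_mac = server, local_mac

    def on_load_request(self, token):
        """S07, S12-S16: True means agree to load, False means refuse."""
        if not isinstance(token, str):
            return False
        return self.server.verify(token, self.local_mac)


class Host:
    def __init__(self, server, mac):
        self.server, self.mac, self.token = server, mac, None

    def login(self, username, password):
        """S01-S02: send the credentials; keep the token returned in S05."""
        self.token = self.server.login(username, password, self.mac)
        return self.token is not None

    def load(self, plugin):
        """S06: load request carrying the token."""
        return plugin.on_load_request(self.token)


def run_demo():
    now = [1000.0]   # controllable clock so the expiry case is deterministic
    server = Server({"alice": "pw-a", "bob": "pw-b"}, ttl_seconds=60,
                    clock=lambda: now[0])
    mac_a, mac_b, mac_c = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
    results = {}
    host_a = Host(server, mac_a)
    host_a.login("alice", "pw-a")
    results["legitimate"] = host_a.load(Plugin(server, mac_a))
    # A host that never logged in presents a made-up token; its MAC has no entry.
    fake = Host(server, mac_c)
    fake.token = token_for("guessed-client-id")
    results["unknown_mac"] = fake.load(Plugin(server, mac_c))
    # alice's token presented on bob's machine, which has its own correspondence.
    host_b = Host(server, mac_b)
    host_b.login("bob", "pw-b")
    host_b.token = host_a.token
    results["copied_token"] = host_b.load(Plugin(server, mac_b))
    results["bad_password"] = Host(server, mac_c).login("alice", "wrong")
    now[0] += 61     # past the 60-second lifetime: the correspondence is purged
    results["after_expiry"] = host_a.load(Plugin(server, mac_a))
    return results


if __name__ == "__main__":
    print(run_demo())
```

The MAC address in the verification request is whatever the card module reports, so the server-side binding is only as trustworthy as that report.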
To sum up, the beneficial effects of the application include:
In the scheme provided by the embodiments of the application, the server end generates the identification information of the host module and issues it to the host module. When the host module needs to load the plug-in module, it carries the identification information in a load request sent to the card module. The card module sends the identification information from the load request to the server end; the server end verifies the host module according to the received identification information and returns the verification result to the card module. The card module thereby verifies the legitimacy of the host module through the server, without performing complex operations such as key value calculation or decryption, so the implementation complexity is lower.
For convenience of description, the parts of the above system are described separately as modules or units divided by function. Of course, when implementing the application, the functions of the modules or units can be realized in one or more pieces of software or hardware.
Those skilled in the art should understand that embodiments of the application can be provided as a method, a system or a computer program product. Therefore, the application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the application can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) that contain computer-usable program code.
Obviously, those skilled in the art can make various changes and modifications to the application without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the application and their equivalent technologies, the application is also intended to include them.

Claims (17)

1. A method for a card module to verify the legitimacy of a host module, characterized in that the method comprises:
A server end generates identification information for the host module and sends this identification information to said host module; said host module is a carrier that defines the access specification for plug-ins and in which plug-ins run;
The server end receives a verification request sent by the card module, the verification request carrying the identification information extracted from the load request sent by the host module;
The server end uses said identification information to verify the legitimacy of said host module, and returns the verification result to said card module.
2. The method of claim 1, characterized in that, before the server end generates the identification information of the host module, the method further comprises:
Said server end receives the account information, sent by the host module, that the user entered when logging in to this host module;
The server end authenticates said user according to said account information.
3. The method of claim 1 or claim 2, characterized in that said server end generating the identification information of the host module comprises:
The server end generates and saves a virtual identity identifier, and uses a hash algorithm to calculate the hash value of said virtual identity identifier; the calculated hash value serves as the identification information of said host module.
4. The method of claim 3, characterized in that said server end using said identification information to verify the legitimacy of said host module comprises:
The server end uses the hash algorithm to calculate the hash value of each saved virtual identity identifier, and determines whether the hash value carried in said verification request is among the calculated hash values; if so, the legitimacy verification of said host module passes; otherwise, the legitimacy verification of said host module fails.
5. The method of claim 3, characterized in that, after the server end generates said virtual identity identifier, the method further comprises:
The server end saves the correspondence between the generated virtual identity identifier and the physical identity identifier of the client to which said host module belongs;
The server end receives the verification request, sent by the card module, that carries the physical identity identifier of said client;
The server end looks up the physical identity identifier carried in said verification request in the saved correspondence between virtual identity identifiers and physical identity identifiers; if it is not found, the legitimacy verification of said host module fails; if it is found, then:
The server end calculates, according to the hash algorithm, the hash value of the virtual identity identifier corresponding to the physical identity identifier that was found, and compares whether the calculated hash value is consistent with the hash value carried in said verification request; if so, the legitimacy verification of said host module passes; otherwise, the legitimacy verification of said host module fails.
6. The method of claim 5, characterized in that the method further comprises:
The server end periodically checks whether the saved correspondence between virtual identity identifiers and physical identity identifiers has expired; if so, it deletes the expired correspondence.
7. A method for a card module to verify the legitimacy of a host module, characterized in that the method comprises:
The card module receives a load request, sent by the host module, that carries identification information; said host module is a carrier that defines the access specification for plug-ins and in which plug-ins run;
Said card module sends a verification request carrying said identification information to the server end;
Said card module receives the verification result returned by the server end;
Wherein said identification information is generated by the server end and sent to said host module.
8. A system for a card module to verify the legitimacy of a host module, characterized in that the system comprises:
A server, used to generate identification information for the host module and send this identification information to said host module; and, after receiving the verification request sent by the card module, to use the identification information carried in this verification request to verify the legitimacy of said host module and return the verification result to said card module; said host module is a carrier that defines the access specification for plug-ins and in which plug-ins run;
A host module, used to send a load request to the card module, the load request carrying the identification information sent by said server;
A card module, used to send a verification request to the server after receiving said load request, the verification request carrying the identification information carried in said load request.
9. The system of claim 8, characterized in that said host module is also used to:
Send to the server the account information that the user entered when logging in to this host module;
Said server is also used to: authenticate said user according to said account information; and, after said user's authentication passes, generate the identification information of the host module.
10. The system of claim 8 or 9, characterized in that said server is used to:
Generate and save a virtual identity identifier, and use a hash algorithm to calculate the hash value of said virtual identity identifier; the calculated hash value serves as the identification information of said host module.
11. The system of claim 10, characterized in that said card module is also used to:
Carry the physical identity identifier of the client on which said host module resides in said verification request;
Said server is also used to:
Save the correspondence between the generated virtual identity identifier and the physical identity identifier of said client;
After receiving said verification request, look up the physical identity identifier carried in said verification request in the saved correspondence between virtual identity identifiers and physical identity identifiers; if it is not found, the legitimacy verification of said host module fails; if it is found, calculate, according to the hash algorithm, the hash value of the virtual identity identifier corresponding to the physical identity identifier that was found, and compare whether the calculated hash value is consistent with the hash value carried in said verification request; if so, the legitimacy verification of said host module passes; otherwise, the legitimacy verification of said host module fails.
12. A server, characterized in that the server comprises:
An identifier generation unit, used to generate the identification information of a host module; said host module is a carrier that defines the access specification for plug-ins and in which plug-ins run;
An identifier sending unit, used to send said identification information to said host module;
A legitimacy verification unit, used, after receiving the verification request sent by a card module, to use the identification information carried in this verification request to verify the legitimacy of said host module, and to return the verification result to said card module.
13. The server of claim 12, characterized in that the server also comprises:
An identity authentication unit, which receives the account information, sent by said host module, that the user entered when logging in to this host module, and authenticates said user according to said account information;
Said identifier generation unit is used to: generate the identification information of the host module after said user's authentication passes.
14. The server of claim 12 or 13, characterized in that said identifier generation unit comprises:
A logical identifier unit, used to generate and save a virtual identity identifier;
A hash value unit, used to calculate the hash value of said virtual identity identifier using a hash algorithm; the calculated hash value serves as the identification information of said host module.
15. The server of claim 14, characterized in that said server also comprises:
A saving unit, used to save the correspondence between the virtual identity identifier generated by said logical identifier unit and the physical identity identifier of the client;
Said legitimacy verification unit is used to:
After receiving said verification request, look up the physical identity identifier carried in said verification request in the saved correspondence between virtual identity identifiers and physical identity identifiers; if it is not found, the legitimacy verification of said host module fails; if it is found, calculate, according to the hash algorithm, the hash value of the virtual identity identifier corresponding to the physical identity identifier that was found, and compare whether the calculated hash value is consistent with the hash value carried in said verification request; if so, the legitimacy verification of said host module passes; otherwise, the legitimacy verification of said host module fails.
16. A card module, characterized in that the card module comprises:
A load request receiving unit, used to receive the load request sent by a host module, the load request carrying the identification information of the host module; said host module is a carrier that defines the access specification for plug-ins and in which plug-ins run; wherein said identification information is generated by the server end and sent to said host module;
A verification request sending unit, used to send a verification request to the server end, the verification request carrying said identification information;
A module used to receive the verification result returned by the server end.
17. The card module of claim 16, characterized in that the card module also comprises:
An identity identifier loading unit, used to obtain the physical identity identifier of the client and carry this physical identity identifier in said verification request.
CN 200910140407 2009-05-06 2009-05-06 Host module legitimacy verification method, system and device using a card module Expired - Fee Related CN101552676B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN 200910140407 CN101552676B (en) 2009-05-06 2009-05-06 Host module legitimacy verification method, system and device using a card module
HK10103336.5A HK1135535A1 (en) 2009-05-06 2010-03-31 Method for plug-in module authenticating validity of host module, system and device thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200910140407 CN101552676B (en) 2009-05-06 2009-05-06 Host module legitimacy verification method, system and device using a card module

Publications (2)

Publication Number Publication Date
CN101552676A CN101552676A (en) 2009-10-07
CN101552676B true CN101552676B (en) 2012-12-05

Family

ID=41156685

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200910140407 Expired - Fee Related CN101552676B (en) 2009-05-06 2009-05-06 Host module legitimacy verification method, system and device using a card module

Country Status (2)

Country Link
CN (1) CN101552676B (en)
HK (1) HK1135535A1 (en)

Also Published As

Publication number Publication date
CN101552676A (en) 2009-10-07
HK1135535A1 (en) 2010-06-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 1135535

Country of ref document: HK

C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121205

Termination date: 20200506