CN101661599A - Method for authenticating validity of self-contained software of equipment system - Google Patents
Method for authenticating validity of self-contained software of equipment system Download PDFInfo
- Publication number
- CN101661599A CN101661599A CN200910153017A CN200910153017A CN101661599A CN 101661599 A CN101661599 A CN 101661599A CN 200910153017 A CN200910153017 A CN 200910153017A CN 200910153017 A CN200910153017 A CN 200910153017A CN 101661599 A CN101661599 A CN 101661599A
- Authority
- CN
- China
- Prior art keywords
- software
- usbkey
- random number
- fingerprint
- legitimacy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a method for authenticating the validity of self-contained software of an equipment system; fingerprinting and a confusion key shared by system software and equipment are mounted into an operating system simultaneously; and when a user inputs information to confirm a trade, a USBKey obtains the fingerprint data of the user, generates a random number, uses the fingerprintingto encrypt the fingerprint data and the random number, and transmits to the system software. The system software obtains the fingerprint data after using a confusion arithmetic to decrypt, uses the fingerprinting to calculate the fingerprint characteristics of the user, and compares the fingerprint characteristics with the fingerprint characteristics obtained through USBKey calculation. If the comparison results are same, then authentication on the validity of the system software is passed and the trade is confirmed. Based on the thought of 'reliable equipment', the method for authenticatingthe validity of the self-contained software of the equipment system implements bidirectional authentication between important components and the system equipment in the software system; and the systemequipment can not work normally after the validity of the software system is confirmed to stop 'trojan' programs to fake as legal programs to visit equipment or steal and alter the input data of theuser.
Description
Technical field
The present invention relates to software legitimacy authentication techniques field, particularly the software that device systems is carried carries out the method for legitimacy authentication.
Background technology
Along with rapid development of network technology, online transaction is progressively accepted by popular with convenience, the cheap of use cost of its use, and the user of online transaction also just progressively increases.Yet the safety problem of online transaction also becomes the focus that the user pays close attention to gradually, and the report of the online transaction security incident that causes because of " wooden horse " or " fryer " program also gets more and more, and a large number of users is also day by day strong for the worry of online transaction.
The existing client identity authentication system of online transaction is a technological core with the U shield, the Web bank of industrial and commercial bank for example, and on the security of transaction, industrial and commercial bank uses the U shield to protect each transaction.Current, along with the more concerns for safety problem, the potential safety hazard in each link of U shield work is solved just one by one, and in whole PKI system, the security of U shield work has arrived a high level.But in process of exchange, except that the legitimacy that will guarantee the U shield, the security of network link the inside also is very important.In the process of exchange, the user imports Transaction Information in software systems, in case Transaction Information is maliciously tampered in network link, will causes the user that illegal transaction information is confirmed and is not realized.
Use internet bank trade, client identity authenticating device (example is said USBKey) with operation system, ca authentication center reciprocal process in be to follow Public Key Infrastructure(PKI) system standard fully.The prior art internet bank trade is by following four steps:
1). the user imports transaction data by using browser in Internet bank interface;
2). the transaction data of the input in using browser is received by control, is handled by control;
3). transaction data is sent to CSP (CSP, Cryptographic ServiceProvider) from control and handles;
4) .CSP transmission transaction data is encrypted to USBKEY;
5) transaction data after .USBKEY output is encrypted is sent into operation system and is handled.
By the PKI system, can guarantee that transaction data is imported into USBKEY and encrypts and send into the security of operation system process.But in process of exchange, from user input data, carrying out in the process of digital signature to the input data equipment of being admitted to, is to lack necessary safeguard measure to user input data.The data of user's input may be stolen or distort in this process.For preventing to be distorted in the process of exchange, the applicant writes USBKEY with data signature software when dispatching from the factory, and original standard interface of shielding CSP causes the hacker to attack by the access of standard interface.
In order to prevent rogue program intrusion computer system, intercepting and capturing transaction data needs data sign software legitimacy authentication mechanism, the security that further improves internet bank trade.
Summary of the invention
The present invention is intended to avoid system software by illegal replacement, the invalid data that sends is subjected to and misses the risk of confirming by misconnection, a kind of two-way authentication between the important procedure and system equipment in the software systems of carrying out before transaction is provided, system equipment just can operate as normal after confirming the legitimacy of software systems, stops " wooden horse " program personation legal procedure unauthorized access equipment or steals and distort user's input data.
For reaching goal of the invention the technical solution used in the present invention be:
A kind of software that device systems is carried carries out the method for legitimacy authentication, it is characterized in that described device systems is that USBKEY does not have the no soft mode of driving, the software of required checking writes USBKEY when dispatching from the factory, software is installed in the operating system automatically when using USBKEY first, the software of USBKEY and required checking is shared key or shared fingerprint algorithm and random number and is obscured/separate and obscure algorithm, before concluding the business, the user carries out the legitimate verification of following steps, if legitimacy can not be passed through, then refusal transaction; Legitimate verification continues follow-up flow process by under the situation;
Described authentication method may further comprise the steps:
(1) user imports the trade confirmation fingerprint;
(2) USBKEY carries out fingerprint recognition, obtains finger print data, and obtains fingerprint characteristic value 1 with the fingerprint algorithm computing;
(3) USBKEY produces a random number, and obscures the encryption finger print data with random number, sends system software to;
(4) system software is obscured algorithm and is solved finger print data to separate accordingly, and obtains fingerprint characteristic value 2 with the fingerprint algorithm operation;
(5) system software sends eigenwert 2 to USBKEY;
(6) two eigenwerts are compared in USBKEY, successful then legitimacy integral component is passed through, and the legitimacy of failing is not then passed through.
Further, the inventive method also comprises and to whether the software binary code distorts being authenticated, and promptly adopts following steps:
A.USBKEY produces a random number;
B. according to the value of random number, one section binary code is got as reference position in the position that the software of depositing among the USBKEY is found the random number correspondence;
C. code is carried out the Hash computing, obtain hash value 1;
D.USBKEY in system's install software, finds the position of random number correspondence according to the numerical value of random number, as reference position, gets same one section binary code;
E. obtain hash value 2 with same hash algorithm computing;
F. the hash value 2 that computing is obtained sends USBKEY to;
G. in USBKEY two hash values are compared, successful then integral component legitimate verification passes through, and failing then, legitimate verification does not pass through.
The present invention also can comprise step: when system thinks that this software is by illegal replacement, system will shield the transaction data that this software is carried out, transaction is closed, and the prompting user.
For ease of the renewal of software, the inventive method is accepted the more new element of this software of far-end control carrying out by network after judging that software is legal software.
Compared to existing technology, beneficial effect of the present invention is by the signature authentication program (or claiming assembly) that is used for internet bank trade is carried out the method that legitimacy authenticates with device systems, solve safely on the net in the middle of the process of exchange, because system software is by illegal replacement, the invalid data of transmission is subjected to and misses the risk of confirming by misconnection.This mechanism is based on the thought of " credible equipment ", before transaction, carry out the two-way authentication between the significant components and system equipment in the software systems, system equipment just can operate as normal after confirming the legitimacy of software systems, stops " wooden horse " program personation legal procedure unauthorized access equipment or steals and distort user's input data.
Description of drawings
Fig. 1 is the flow process according to the software authentication method that one embodiment of the invention illustrated.
Fig. 2 is the flow process of the software authentication method that illustrates according to the second embodiment of the present invention.
Embodiment
Come the present invention is further specified below in conjunction with specific embodiment, but do not limit the invention to these embodiments.One skilled in the art would recognize that the present invention contained in claims scope all alternativess, improvement project and the equivalents that may comprise.
When dispatching from the factory, device interior promptly has the software (or assembly) that is used for the internet bank trade signature authentication, utilize the binding of software (or assembly) and equipment, use the method for sharing key, system software is done the authentication of legitimacy when using, thereby guarantee that the data that equipment receives come from legal system software.
At first, equipment is when dispatching from the factory, system software has been stored in the middle of the secure memory space of equipment, and system software has the fingerprint algorithm of sharing with equipment and obscures key, all content shared all can be carried in software installation or moving process, but, because of USBKey equipment has secure memory space, the binary code of system software is when writing the space, its start address that writes, data space all can't read from the outside, so its data structure can't directly be read by the third party, to protect its privacy;
When being used first, system software is installed in the middle of the operating system automatically,
Described authentication method may further comprise the steps:
(1) user imports the trade confirmation fingerprint;
(2) USBKEY carries out fingerprint recognition, obtains finger print data, and obtains fingerprint characteristic value 1 with the fingerprint algorithm computing;
(3) USBKEY produces a random number, and obscures the encryption finger print data with random number, sends system software to;
(4) system software is obscured algorithm and is solved finger print data to separate accordingly, and obtains fingerprint characteristic value 2 with the fingerprint algorithm operation;
(5) system software sends eigenwert 2 to USBKEY;
(6) two eigenwerts are compared in USBKEY, successful then legitimacy integral component is passed through, and the legitimacy of failing is not then passed through.
Be further to improve validity and the security of differentiating legal software, the present invention also adopts binary code to carry out hash value comparison method, its verification process as shown in Figure 2:
A.USBKEY produces a random number;
B. according to the value of random number, to the integral component of depositing among the USBKEY, one section binary code (for example 32) is got as reference position in the position of finding the random number correspondence;
C. code is carried out the Hash computing, obtain hash value 1;
D.USBKEY in system software, finds the position of random number correspondence according to the numerical value of random number, as reference position, gets same one section binary code, as 32;
E. obtain hash value 2 with same hash algorithm computing;
F. the hash value 2 that computing is obtained sends USBKEY to;
G. in USBKEY two hash values are compared, successful then software legitimate verification passes through, and failing then, legitimate verification does not pass through.
For the not certified integral component that passes through of legitimacy, this integral component is thought by illegal replacement by system, and system will shield the transaction data that this integral component sends, transaction is closed, and the prompting user.
Claims (4)
1. the software that device systems is carried carries out the method that legitimacy authenticates, it is characterized in that described device systems is that USBKEY does not have the no soft mode of driving, the software of required checking writes USBKEY when dispatching from the factory, software is installed in the operating system automatically when using USBKEY first, the software of USBKEY and required checking is shared key or shared fingerprint algorithm and random number and is obscured/separate and obscure algorithm, before concluding the business, the user carries out the legitimate verification of following steps, if legitimacy can not be passed through, then refusal transaction; Legitimate verification continues follow-up flow process by under the situation;
Described authentication method may further comprise the steps:
(1) user imports the trade confirmation fingerprint;
(2) USBKEY carries out fingerprint recognition, obtains finger print data, and obtains fingerprint characteristic value 1 with the fingerprint algorithm computing;
(3) USBKEY produces a random number, and obscures the encryption finger print data with random number, sends system software to;
(4) system software is obscured algorithm and is solved finger print data to separate accordingly, and obtains fingerprint characteristic value 2 with the fingerprint algorithm operation;
(5) system software sends eigenwert 2 to USBKEY;
(6) two eigenwerts are compared in USBKEY, successful then legitimacy integral component is passed through, and the legitimacy of failing is not then passed through.
2, the software that device systems is carried as claimed in claim 1 carries out the method for legitimacy authentication, it is characterized in that also comprising whether the software binary code distorted authenticating, and promptly adopts following steps:
A.USBKEY produces a random number;
B. according to the value of random number, one section binary code is got as reference position in the position that the software of depositing among the USBKEY is found the random number correspondence;
C. code is carried out the Hash computing, obtain hash value 1;
D.USBKEY in system's install software, finds the position of random number correspondence according to the numerical value of random number, as reference position, gets same one section binary code;
E. obtain hash value 2 with same hash algorithm computing;
F. the hash value 2 that computing is obtained sends USBKEY to;
G. in USBKEY two hash values are compared, successful then integral component legitimate verification passes through, and failing then, legitimate verification does not pass through.
3, the software that device systems is carried as claimed in claim 1 or 2 carries out the method for legitimacy authentication, it is characterized in that also comprising when system thinks that this software is by illegal replacement, system will shield the transaction data that this software is carried out, transaction closed, and the prompting user.
4, the software that device systems is carried as claimed in claim 3 carries out the method for legitimacy authentication, it is characterized in that also comprising that system thinks that this software is legal software, accepts the more new element of this software of far-end control carrying out by network.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910153017XA CN101661599B (en) | 2009-09-25 | 2009-09-25 | Method for authenticating validity of self-contained software of equipment system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910153017XA CN101661599B (en) | 2009-09-25 | 2009-09-25 | Method for authenticating validity of self-contained software of equipment system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101661599A true CN101661599A (en) | 2010-03-03 |
| CN101661599B CN101661599B (en) | 2012-08-22 |
Family
ID=41789604
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200910153017XA Expired - Fee Related CN101661599B (en) | 2009-09-25 | 2009-09-25 | Method for authenticating validity of self-contained software of equipment system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101661599B (en) |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102185694A (en) * | 2010-12-21 | 2011-09-14 | 常熟理工学院 | Electronic file encrypting method and system based on fingerprint information |
| CN103473498A (en) * | 2013-09-12 | 2013-12-25 | 深圳市文鼎创数据科技有限公司 | Application program security verification method and terminal |
| CN103475661A (en) * | 2013-09-12 | 2013-12-25 | 深圳市文鼎创数据科技有限公司 | Method and system for safely obtaining authentication programs |
| CN103488944A (en) * | 2013-09-12 | 2014-01-01 | 深圳市文鼎创数据科技有限公司 | Application program safety control method and application program safety control system |
| CN104065487A (en) * | 2014-07-08 | 2014-09-24 | 华南理工大学 | Random secret value IBC identity authentication method based on digital fingerprint |
| CN106096444A (en) * | 2016-06-12 | 2016-11-09 | 杨鹏 | A kind of identification based on bio information and social information's recording method and system |
| CN106096443A (en) * | 2016-06-12 | 2016-11-09 | 杨鹏 | A kind of Contract Enforcement method and system based on Biont information |
| CN106330448A (en) * | 2015-06-30 | 2017-01-11 | 华为软件技术有限公司 | User legality verification method and system, and devices |
| CN106789096A (en) * | 2017-03-30 | 2017-05-31 | 山东超越数控电子有限公司 | A kind of biological characteristic cipher authentication method and device |
| CN107979579A (en) * | 2016-10-25 | 2018-05-01 | 航天信息股份有限公司 | A kind of safety certifying method and safety certificate equipment |
| CN108021813A (en) * | 2016-11-02 | 2018-05-11 | 斯凯耶科德公司 | Method for protecting the transaction performed from non-security terminal |
| CN109388931A (en) * | 2018-09-12 | 2019-02-26 | 航天信息股份有限公司 | The distributing method and device of method for protecting software, USBKEY equipment based on USBKEY equipment |
| CN111222119A (en) * | 2019-12-27 | 2020-06-02 | 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) | Dump analysis terminal and safe dump analysis method for locomotive operation data |
| CN112232815A (en) * | 2020-10-14 | 2021-01-15 | 深圳三角形科技有限公司 | Block chain-based digital currency transaction management method, device, equipment and medium |
| CN112232815B (en) * | 2020-10-14 | 2023-12-01 | 深圳三角形科技有限公司 | Block chain-based digital currency transaction management method, device, equipment and medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101236496A (en) * | 2007-01-29 | 2008-08-06 | 展讯通信(上海)有限公司 | Software consistency detector methods and apparatus |
| CN101064610A (en) * | 2007-05-25 | 2007-10-31 | 四川长虹电器股份有限公司 | Identity authentication process |
-
2009
- 2009-09-25 CN CN200910153017XA patent/CN101661599B/en not_active Expired - Fee Related
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102185694A (en) * | 2010-12-21 | 2011-09-14 | 常熟理工学院 | Electronic file encrypting method and system based on fingerprint information |
| CN103473498A (en) * | 2013-09-12 | 2013-12-25 | 深圳市文鼎创数据科技有限公司 | Application program security verification method and terminal |
| CN103475661A (en) * | 2013-09-12 | 2013-12-25 | 深圳市文鼎创数据科技有限公司 | Method and system for safely obtaining authentication programs |
| CN103488944A (en) * | 2013-09-12 | 2014-01-01 | 深圳市文鼎创数据科技有限公司 | Application program safety control method and application program safety control system |
| CN103473498B (en) * | 2013-09-12 | 2016-03-23 | 深圳市文鼎创数据科技有限公司 | Application security verification method and terminal |
| CN103475661B (en) * | 2013-09-12 | 2016-08-24 | 深圳市文鼎创数据科技有限公司 | The safe acquisition methods of authentication procedure and system |
| CN104065487A (en) * | 2014-07-08 | 2014-09-24 | 华南理工大学 | Random secret value IBC identity authentication method based on digital fingerprint |
| CN106330448A (en) * | 2015-06-30 | 2017-01-11 | 华为软件技术有限公司 | User legality verification method and system, and devices |
| CN106330448B (en) * | 2015-06-30 | 2020-03-10 | 华为技术有限公司 | User validity verification method, device and system |
| CN106096443A (en) * | 2016-06-12 | 2016-11-09 | 杨鹏 | A kind of Contract Enforcement method and system based on Biont information |
| CN106096443B (en) * | 2016-06-12 | 2018-12-21 | 杨鹏 | A kind of Contract Enforcement method and system based on Biont information |
| CN106096444A (en) * | 2016-06-12 | 2016-11-09 | 杨鹏 | A kind of identification based on bio information and social information's recording method and system |
| CN107979579A (en) * | 2016-10-25 | 2018-05-01 | 航天信息股份有限公司 | A kind of safety certifying method and safety certificate equipment |
| CN108021813A (en) * | 2016-11-02 | 2018-05-11 | 斯凯耶科德公司 | Method for protecting the transaction performed from non-security terminal |
| CN106789096A (en) * | 2017-03-30 | 2017-05-31 | 山东超越数控电子有限公司 | A kind of biological characteristic cipher authentication method and device |
| CN109388931A (en) * | 2018-09-12 | 2019-02-26 | 航天信息股份有限公司 | The distributing method and device of method for protecting software, USBKEY equipment based on USBKEY equipment |
| CN111222119A (en) * | 2019-12-27 | 2020-06-02 | 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) | Dump analysis terminal and safe dump analysis method for locomotive operation data |
| CN112232815A (en) * | 2020-10-14 | 2021-01-15 | 深圳三角形科技有限公司 | Block chain-based digital currency transaction management method, device, equipment and medium |
| CN112232815B (en) * | 2020-10-14 | 2023-12-01 | 深圳三角形科技有限公司 | Block chain-based digital currency transaction management method, device, equipment and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101661599B (en) | 2012-08-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101661599B (en) | Method for authenticating validity of self-contained software of equipment system | |
| CN101662469B (en) | Method and system based on USBKey online banking trade information authentication | |
| CN102880960B (en) | Based on the payment by using short messages method and system of fingerprint recognition mobile phone | |
| US9037851B2 (en) | User authentication system, user authentication apparatus, smart card, and user authentication method for ubiquitous authentication management | |
| CN101334884B (en) | Improve the method and system of account transfer safety | |
| US20130219481A1 (en) | Cyberspace Trusted Identity (CTI) Module | |
| CN109412812B (en) | Data security processing system, method, device and storage medium | |
| CN112232814B (en) | Encryption and decryption methods of payment key, payment authentication method and terminal equipment | |
| CN202854880U (en) | SMS payment system based on fingerprint identification mobile phone | |
| EP3652887A1 (en) | Method and system for data security within independent computer systems and digital networks | |
| CN1529856A (en) | Internet third-pard authentication using electronic ticket | |
| TWM623435U (en) | System for verifying client identity and transaction services using multiple security levels | |
| KR20150011293A (en) | Biometric authentication Electronic Signature Service methods Using an instant messenger | |
| CN104125064A (en) | Dynamic password authentication method, client and authentication system | |
| KR100785894B1 (en) | Electronic signature processing system using mobile telecommunication terminal and the method thereof | |
| CN103051618A (en) | Terminal authentication equipment and network authentication method | |
| KR101498120B1 (en) | Digital certificate system for cloud-computing environment and method thereof | |
| KR101856530B1 (en) | Encryption system providing user cognition-based encryption protocol and method for processing on-line settlement, security apparatus and transaction approval server using thereof | |
| CN106921501A (en) | A kind of intelligent cipher signature identity differentiates authentication method and system | |
| KR101360843B1 (en) | Next Generation Financial System | |
| Kiljan et al. | What you enter is what you sign: Input integrity in an online banking environment | |
| CN1271525C (en) | Computer system landing method | |
| KR20080042582A (en) | System and method for protecting a user device using a token device | |
| TWI828001B (en) | System for using multiple security levels to verify customer identity and transaction services and method thereof | |
| CN115987636B (en) | Information security implementation method, device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120822 Termination date: 20120925 |