CN101661599A - Method for authenticating validity of self-contained software of equipment system - Google Patents

Method for authenticating validity of self-contained software of equipment system Download PDF

Info

Publication number
CN101661599A
CN101661599A CN200910153017A CN200910153017A CN101661599A CN 101661599 A CN101661599 A CN 101661599A CN 200910153017 A CN200910153017 A CN 200910153017A CN 200910153017 A CN200910153017 A CN 200910153017A CN 101661599 A CN101661599 A CN 101661599A
Authority
CN
China
Prior art keywords
software
usbkey
random
fingerprint
legitimacy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN200910153017A
Other languages
Chinese (zh)
Other versions
CN101661599B (en
Inventor
岑旭聚
张伟峰
邹建军
陆捷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZHEJIANG WELLCOM BIOMETRICS CO Ltd
Original Assignee
ZHEJIANG WELLCOM BIOMETRICS CO Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZHEJIANG WELLCOM BIOMETRICS CO Ltd filed Critical ZHEJIANG WELLCOM BIOMETRICS CO Ltd
Priority to CN200910153017XA priority Critical patent/CN101661599B/en
Publication of CN101661599A publication Critical patent/CN101661599A/en
Application granted granted Critical
Publication of CN101661599B publication Critical patent/CN101661599B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The invention discloses a method for authenticating the validity of self-contained software of an equipment system; fingerprinting and a confusion key shared by system software and equipment are mounted into an operating system simultaneously; and when a user inputs information to confirm a trade, a USBKey obtains the fingerprint data of the user, generates a random number, uses the fingerprintingto encrypt the fingerprint data and the random number, and transmits to the system software. The system software obtains the fingerprint data after using a confusion arithmetic to decrypt, uses the fingerprinting to calculate the fingerprint characteristics of the user, and compares the fingerprint characteristics with the fingerprint characteristics obtained through USBKey calculation. If the comparison results are same, then authentication on the validity of the system software is passed and the trade is confirmed. Based on the thought of 'reliable equipment', the method for authenticatingthe validity of the self-contained software of the equipment system implements bidirectional authentication between important components and the system equipment in the software system; and the systemequipment can not work normally after the validity of the software system is confirmed to stop 'trojan' programs to fake as legal programs to visit equipment or steal and alter the input data of theuser.

Description

A kind of software that device systems is carried carries out the method for legitimacy authentication
Technical field
The present invention relates to software legitimacy authentication techniques field, particularly the software that device systems is carried carries out the method for legitimacy authentication.
Background technology
Along with rapid development of network technology, online transaction is progressively accepted by popular with convenience, the cheap of use cost of its use, and the user of online transaction also just progressively increases.Yet the safety problem of online transaction also becomes the focus that the user pays close attention to gradually, and the report of the online transaction security incident that causes because of " wooden horse " or " fryer " program also gets more and more, and a large number of users is also day by day strong for the worry of online transaction.
The existing client identity authentication system of online transaction is a technological core with the U shield, the Web bank of industrial and commercial bank for example, and on the security of transaction, industrial and commercial bank uses the U shield to protect each transaction.Current, along with the more concerns for safety problem, the potential safety hazard in each link of U shield work is solved just one by one, and in whole PKI system, the security of U shield work has arrived a high level.But in process of exchange, except that the legitimacy that will guarantee the U shield, the security of network link the inside also is very important.In the process of exchange, the user imports Transaction Information in software systems, in case Transaction Information is maliciously tampered in network link, will causes the user that illegal transaction information is confirmed and is not realized.
Use internet bank trade, client identity authenticating device (example is said USBKey) with operation system, ca authentication center reciprocal process in be to follow Public Key Infrastructure(PKI) system standard fully.The prior art internet bank trade is by following four steps:
1). the user imports transaction data by using browser in Internet bank interface;
2). the transaction data of the input in using browser is received by control, is handled by control;
3). transaction data is sent to CSP (CSP, Cryptographic ServiceProvider) from control and handles;
4) .CSP transmission transaction data is encrypted to USBKEY;
5) transaction data after .USBKEY output is encrypted is sent into operation system and is handled.
By the PKI system, can guarantee that transaction data is imported into USBKEY and encrypts and send into the security of operation system process.But in process of exchange, from user input data, carrying out in the process of digital signature to the input data equipment of being admitted to, is to lack necessary safeguard measure to user input data.The data of user's input may be stolen or distort in this process.For preventing to be distorted in the process of exchange, the applicant writes USBKEY with data signature software when dispatching from the factory, and original standard interface of shielding CSP causes the hacker to attack by the access of standard interface.
In order to prevent rogue program intrusion computer system, intercepting and capturing transaction data needs data sign software legitimacy authentication mechanism, the security that further improves internet bank trade.
Summary of the invention
The present invention is intended to avoid system software by illegal replacement, the invalid data that sends is subjected to and misses the risk of confirming by misconnection, a kind of two-way authentication between the important procedure and system equipment in the software systems of carrying out before transaction is provided, system equipment just can operate as normal after confirming the legitimacy of software systems, stops " wooden horse " program personation legal procedure unauthorized access equipment or steals and distort user's input data.
For reaching goal of the invention the technical solution used in the present invention be:
A kind of software that device systems is carried carries out the method for legitimacy authentication, it is characterized in that described device systems is that USBKEY does not have the no soft mode of driving, the software of required checking writes USBKEY when dispatching from the factory, software is installed in the operating system automatically when using USBKEY first, the software of USBKEY and required checking is shared key or shared fingerprint algorithm and random number and is obscured/separate and obscure algorithm, before concluding the business, the user carries out the legitimate verification of following steps, if legitimacy can not be passed through, then refusal transaction; Legitimate verification continues follow-up flow process by under the situation;
Described authentication method may further comprise the steps:
(1) user imports the trade confirmation fingerprint;
(2) USBKEY carries out fingerprint recognition, obtains finger print data, and obtains fingerprint characteristic value 1 with the fingerprint algorithm computing;
(3) USBKEY produces a random number, and obscures the encryption finger print data with random number, sends system software to;
(4) system software is obscured algorithm and is solved finger print data to separate accordingly, and obtains fingerprint characteristic value 2 with the fingerprint algorithm operation;
(5) system software sends eigenwert 2 to USBKEY;
(6) two eigenwerts are compared in USBKEY, successful then legitimacy integral component is passed through, and the legitimacy of failing is not then passed through.
Further, the inventive method also comprises and to whether the software binary code distorts being authenticated, and promptly adopts following steps:
A.USBKEY produces a random number;
B. according to the value of random number, one section binary code is got as reference position in the position that the software of depositing among the USBKEY is found the random number correspondence;
C. code is carried out the Hash computing, obtain hash value 1;
D.USBKEY in system's install software, finds the position of random number correspondence according to the numerical value of random number, as reference position, gets same one section binary code;
E. obtain hash value 2 with same hash algorithm computing;
F. the hash value 2 that computing is obtained sends USBKEY to;
G. in USBKEY two hash values are compared, successful then integral component legitimate verification passes through, and failing then, legitimate verification does not pass through.
The present invention also can comprise step: when system thinks that this software is by illegal replacement, system will shield the transaction data that this software is carried out, transaction is closed, and the prompting user.
For ease of the renewal of software, the inventive method is accepted the more new element of this software of far-end control carrying out by network after judging that software is legal software.
Compared to existing technology, beneficial effect of the present invention is by the signature authentication program (or claiming assembly) that is used for internet bank trade is carried out the method that legitimacy authenticates with device systems, solve safely on the net in the middle of the process of exchange, because system software is by illegal replacement, the invalid data of transmission is subjected to and misses the risk of confirming by misconnection.This mechanism is based on the thought of " credible equipment ", before transaction, carry out the two-way authentication between the significant components and system equipment in the software systems, system equipment just can operate as normal after confirming the legitimacy of software systems, stops " wooden horse " program personation legal procedure unauthorized access equipment or steals and distort user's input data.
Description of drawings
Fig. 1 is the flow process according to the software authentication method that one embodiment of the invention illustrated.
Fig. 2 is the flow process of the software authentication method that illustrates according to the second embodiment of the present invention.
Embodiment
Come the present invention is further specified below in conjunction with specific embodiment, but do not limit the invention to these embodiments.One skilled in the art would recognize that the present invention contained in claims scope all alternativess, improvement project and the equivalents that may comprise.
When dispatching from the factory, device interior promptly has the software (or assembly) that is used for the internet bank trade signature authentication, utilize the binding of software (or assembly) and equipment, use the method for sharing key, system software is done the authentication of legitimacy when using, thereby guarantee that the data that equipment receives come from legal system software.
At first, equipment is when dispatching from the factory, system software has been stored in the middle of the secure memory space of equipment, and system software has the fingerprint algorithm of sharing with equipment and obscures key, all content shared all can be carried in software installation or moving process, but, because of USBKey equipment has secure memory space, the binary code of system software is when writing the space, its start address that writes, data space all can't read from the outside, so its data structure can't directly be read by the third party, to protect its privacy;
When being used first, system software is installed in the middle of the operating system automatically,
Described authentication method may further comprise the steps:
(1) user imports the trade confirmation fingerprint;
(2) USBKEY carries out fingerprint recognition, obtains finger print data, and obtains fingerprint characteristic value 1 with the fingerprint algorithm computing;
(3) USBKEY produces a random number, and obscures the encryption finger print data with random number, sends system software to;
(4) system software is obscured algorithm and is solved finger print data to separate accordingly, and obtains fingerprint characteristic value 2 with the fingerprint algorithm operation;
(5) system software sends eigenwert 2 to USBKEY;
(6) two eigenwerts are compared in USBKEY, successful then legitimacy integral component is passed through, and the legitimacy of failing is not then passed through.
Be further to improve validity and the security of differentiating legal software, the present invention also adopts binary code to carry out hash value comparison method, its verification process as shown in Figure 2:
A.USBKEY produces a random number;
B. according to the value of random number, to the integral component of depositing among the USBKEY, one section binary code (for example 32) is got as reference position in the position of finding the random number correspondence;
C. code is carried out the Hash computing, obtain hash value 1;
D.USBKEY in system software, finds the position of random number correspondence according to the numerical value of random number, as reference position, gets same one section binary code, as 32;
E. obtain hash value 2 with same hash algorithm computing;
F. the hash value 2 that computing is obtained sends USBKEY to;
G. in USBKEY two hash values are compared, successful then software legitimate verification passes through, and failing then, legitimate verification does not pass through.
For the not certified integral component that passes through of legitimacy, this integral component is thought by illegal replacement by system, and system will shield the transaction data that this integral component sends, transaction is closed, and the prompting user.

Claims (4)

1. the software that device systems is carried carries out the method that legitimacy authenticates, it is characterized in that described device systems is that USBKEY does not have the no soft mode of driving, the software of required checking writes USBKEY when dispatching from the factory, software is installed in the operating system automatically when using USBKEY first, the software of USBKEY and required checking is shared key or shared fingerprint algorithm and random number and is obscured/separate and obscure algorithm, before concluding the business, the user carries out the legitimate verification of following steps, if legitimacy can not be passed through, then refusal transaction; Legitimate verification continues follow-up flow process by under the situation;
Described authentication method may further comprise the steps:
(1) user imports the trade confirmation fingerprint;
(2) USBKEY carries out fingerprint recognition, obtains finger print data, and obtains fingerprint characteristic value 1 with the fingerprint algorithm computing;
(3) USBKEY produces a random number, and obscures the encryption finger print data with random number, sends system software to;
(4) system software is obscured algorithm and is solved finger print data to separate accordingly, and obtains fingerprint characteristic value 2 with the fingerprint algorithm operation;
(5) system software sends eigenwert 2 to USBKEY;
(6) two eigenwerts are compared in USBKEY, successful then legitimacy integral component is passed through, and the legitimacy of failing is not then passed through.
2, the software that device systems is carried as claimed in claim 1 carries out the method for legitimacy authentication, it is characterized in that also comprising whether the software binary code distorted authenticating, and promptly adopts following steps:
A.USBKEY produces a random number;
B. according to the value of random number, one section binary code is got as reference position in the position that the software of depositing among the USBKEY is found the random number correspondence;
C. code is carried out the Hash computing, obtain hash value 1;
D.USBKEY in system's install software, finds the position of random number correspondence according to the numerical value of random number, as reference position, gets same one section binary code;
E. obtain hash value 2 with same hash algorithm computing;
F. the hash value 2 that computing is obtained sends USBKEY to;
G. in USBKEY two hash values are compared, successful then integral component legitimate verification passes through, and failing then, legitimate verification does not pass through.
3, the software that device systems is carried as claimed in claim 1 or 2 carries out the method for legitimacy authentication, it is characterized in that also comprising when system thinks that this software is by illegal replacement, system will shield the transaction data that this software is carried out, transaction closed, and the prompting user.
4, the software that device systems is carried as claimed in claim 3 carries out the method for legitimacy authentication, it is characterized in that also comprising that system thinks that this software is legal software, accepts the more new element of this software of far-end control carrying out by network.
CN200910153017XA 2009-09-25 2009-09-25 Method for authenticating validity of self-contained software of equipment system Expired - Fee Related CN101661599B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910153017XA CN101661599B (en) 2009-09-25 2009-09-25 Method for authenticating validity of self-contained software of equipment system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910153017XA CN101661599B (en) 2009-09-25 2009-09-25 Method for authenticating validity of self-contained software of equipment system

Publications (2)

Publication Number Publication Date
CN101661599A true CN101661599A (en) 2010-03-03
CN101661599B CN101661599B (en) 2012-08-22

Family

ID=41789604

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910153017XA Expired - Fee Related CN101661599B (en) 2009-09-25 2009-09-25 Method for authenticating validity of self-contained software of equipment system

Country Status (1)

Country Link
CN (1) CN101661599B (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102185694A (en) * 2010-12-21 2011-09-14 常熟理工学院 Electronic file encrypting method and system based on fingerprint information
CN103475661A (en) * 2013-09-12 2013-12-25 深圳市文鼎创数据科技有限公司 Method and system for safely obtaining authentication programs
CN103473498A (en) * 2013-09-12 2013-12-25 深圳市文鼎创数据科技有限公司 Application program security verification method and terminal
CN103488944A (en) * 2013-09-12 2014-01-01 深圳市文鼎创数据科技有限公司 Application program safety control method and application program safety control system
CN104065487A (en) * 2014-07-08 2014-09-24 华南理工大学 Random secret value IBC identity authentication method based on digital fingerprint
CN106096443A (en) * 2016-06-12 2016-11-09 杨鹏 A kind of Contract Enforcement method and system based on Biont information
CN106096444A (en) * 2016-06-12 2016-11-09 杨鹏 A kind of identification based on bio information and social information's recording method and system
CN106330448A (en) * 2015-06-30 2017-01-11 华为软件技术有限公司 User legality verification method and system, and devices
CN106789096A (en) * 2017-03-30 2017-05-31 山东超越数控电子有限公司 A kind of biological characteristic cipher authentication method and device
CN107979579A (en) * 2016-10-25 2018-05-01 航天信息股份有限公司 A kind of safety certifying method and safety certificate equipment
CN109388931A (en) * 2018-09-12 2019-02-26 航天信息股份有限公司 The distributing method and device of method for protecting software, USBKEY equipment based on USBKEY equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101236496A (en) * 2007-01-29 2008-08-06 展讯通信(上海)有限公司 Software consistency detector methods and apparatus
CN101064610A (en) * 2007-05-25 2007-10-31 四川长虹电器股份有限公司 Identity authentication process

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102185694A (en) * 2010-12-21 2011-09-14 常熟理工学院 Electronic file encrypting method and system based on fingerprint information
CN103475661B (en) * 2013-09-12 2016-08-24 深圳市文鼎创数据科技有限公司 The safe acquisition methods of authentication procedure and system
CN103473498A (en) * 2013-09-12 2013-12-25 深圳市文鼎创数据科技有限公司 Application program security verification method and terminal
CN103488944A (en) * 2013-09-12 2014-01-01 深圳市文鼎创数据科技有限公司 Application program safety control method and application program safety control system
CN103473498B (en) * 2013-09-12 2016-03-23 深圳市文鼎创数据科技有限公司 Application security verification method and terminal
CN103475661A (en) * 2013-09-12 2013-12-25 深圳市文鼎创数据科技有限公司 Method and system for safely obtaining authentication programs
CN104065487A (en) * 2014-07-08 2014-09-24 华南理工大学 Random secret value IBC identity authentication method based on digital fingerprint
CN106330448A (en) * 2015-06-30 2017-01-11 华为软件技术有限公司 User legality verification method and system, and devices
CN106330448B (en) * 2015-06-30 2020-03-10 华为技术有限公司 User validity verification method, device and system
CN106096444A (en) * 2016-06-12 2016-11-09 杨鹏 A kind of identification based on bio information and social information's recording method and system
CN106096443B (en) * 2016-06-12 2018-12-21 杨鹏 A kind of Contract Enforcement method and system based on Biont information
CN106096443A (en) * 2016-06-12 2016-11-09 杨鹏 A kind of Contract Enforcement method and system based on Biont information
CN107979579A (en) * 2016-10-25 2018-05-01 航天信息股份有限公司 A kind of safety certifying method and safety certificate equipment
CN106789096A (en) * 2017-03-30 2017-05-31 山东超越数控电子有限公司 A kind of biological characteristic cipher authentication method and device
CN109388931A (en) * 2018-09-12 2019-02-26 航天信息股份有限公司 The distributing method and device of method for protecting software, USBKEY equipment based on USBKEY equipment

Also Published As

Publication number Publication date
CN101661599B (en) 2012-08-22

Similar Documents

Publication Publication Date Title
CN101661599B (en) Method for authenticating validity of self-contained software of equipment system
CN101662469B (en) Method and system based on USBKey online banking trade information authentication
CN102880960B (en) Based on the payment by using short messages method and system of fingerprint recognition mobile phone
US9037851B2 (en) User authentication system, user authentication apparatus, smart card, and user authentication method for ubiquitous authentication management
US9544143B2 (en) System and method of notifying mobile devices to complete transactions
US20130219481A1 (en) Cyberspace Trusted Identity (CTI) Module
CN101334884B (en) Improve the method and system of account transfer safety
CN202854880U (en) SMS payment system based on fingerprint identification mobile phone
CN1529856A (en) Internet third-pard authentication using electronic ticket
CN101216923A (en) A system and method to enhance the data security of e-bank dealings
EP3652887A1 (en) Method and system for data security within independent computer systems and digital networks
KR20150011293A (en) Biometric authentication Electronic Signature Service methods Using an instant messenger
CN104283686A (en) Digital right management method and system
CN104125064A (en) Dynamic password authentication method, client and authentication system
KR100785894B1 (en) Electronic signature processing system using mobile telecommunication terminal and the method thereof
KR101498120B1 (en) Digital certificate system for cloud-computing environment and method thereof
CN103051618A (en) Terminal authentication equipment and network authentication method
KR101360843B1 (en) Next Generation Financial System
Kiljan et al. What you enter is what you sign: Input integrity in an online banking environment
CN1271525C (en) Computer system landing method
KR102053993B1 (en) Method for Authenticating by using Certificate
KR101936941B1 (en) Electronic approval system, method, and program using biometric authentication
KR101856530B1 (en) Encryption system providing user cognition-based encryption protocol and method for processing on-line settlement, security apparatus and transaction approval server using thereof
CN106921501A (en) A kind of intelligent cipher signature identity differentiates authentication method and system
KR20080042582A (en) System and method for protecting a user device using a token device

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
GR01 Patent grant
C14 Grant of patent or utility model
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120822

Termination date: 20120925

C17 Cessation of patent right