CN101661599B - Method for authenticating validity of self-contained software of equipment system - Google Patents
Method for authenticating validity of self-contained software of equipment system Download PDFInfo
- Publication number
- CN101661599B CN101661599B CN200910153017XA CN200910153017A CN101661599B CN 101661599 B CN101661599 B CN 101661599B CN 200910153017X A CN200910153017X A CN 200910153017XA CN 200910153017 A CN200910153017 A CN 200910153017A CN 101661599 B CN101661599 B CN 101661599B
- Authority
- CN
- China
- Prior art keywords
- software
- usbkey
- random number
- fingerprint
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a method for authenticating the validity of self-contained software of an equipment system; fingerprinting and a confusion key shared by system software and equipment are mounted into an operating system simultaneously; and when a user inputs information to confirm a trade, a USBKey obtains the fingerprint data of the user, generates a random number, uses the fingerprinting to encrypt the fingerprint data and the random number, and transmits to the system software. The system software obtains the fingerprint data after using a confusion arithmetic to decrypt, uses the fingerprinting to calculate the fingerprint characteristics of the user, and compares the fingerprint characteristics with the fingerprint characteristics obtained through USBKey calculation. If the comparison results are same, then authentication on the validity of the system software is passed and the trade is confirmed. Based on the thought of 'reliable equipment', the method for authenticating the validity of the self-contained software of the equipment system implements bidirectional authentication between important components and the system equipment in the software system; and the system equipment can not work normally after the validity of the software system is confirmed to stop 'trojan' programs to fake as legal programs to visit equipment or steal and alter the input data of the user.
Description
Technical field
The present invention relates to software legitimacy authentication techniques field, the method that the software that particularly device systems is carried carries out the legitimacy authentication.
Background technology
Along with rapid development of network technology, online transaction is progressively accepted by popular with convenience, the cheap of use cost of its use, and the user of online transaction also just progressively increases.Yet the safety problem of online transaction also becomes the focus that the user pays close attention to gradually, and the report of the online transaction security incident that causes because of " wooden horse " or " fryer " program also gets more and more, and a large number of users is also day by day strong for the worry of online transaction.
The existing client identity authentication system of online transaction is a technological core with the U shield, the Web bank of industrial and commercial bank for example, and on the security of transaction, industrial and commercial bank uses the U shield to protect each transaction.Current, along with paying close attention to for the more of safety problem, the potential safety hazard in each link of U shield work is solved just one by one more, and in whole PKI system, the security of U shield work has arrived a high level.But in process of exchange, except that the legitimacy that will guarantee the U shield, the security of network link the inside also is very important.In the process of exchange, the user imports Transaction Information in software systems, in case Transaction Information is maliciously tampered in network link, will causes the user that illegal transaction information is confirmed and is not realized.
Use internet bank trade, client identity authenticating device (example is said USBKey) with operation system, ca authentication center reciprocal process in be to follow Public Key Infrastructure(PKI) system standard fully.The prior art internet bank trade is by following four steps:
1). the user imports transaction data through application browser in Internet bank interface;
2). the transaction data of the input in application browser is received by control, is handled by control;
3). transaction data is sent to CSP (CSP, Cryptographic ServiceProvider) from control and handles;
4) .CSP transmission transaction data is encrypted to USBKEY;
5) transaction data after .USBKEY output is encrypted is sent into operation system and is handled.
Through the PKI system, can guarantee that transaction data is imported into USBKEY and encrypts and send into the security of operation system process.But in process of exchange, from user input data, carrying out in the process of digital signature to the input data equipment of being admitted to, is to lack necessary safeguard measure to user input data.The data of user's input may be stolen or distort in this process.For preventing to be distorted in the process of exchange, the applicant writes USBKEY with data signature software when dispatching from the factory, and original standard interface of shielding CSP causes the hacker to attack through the access of standard interface.
In order to prevent rogue program intrusion computer system, intercepting and capturing transaction data needs data sign software legitimacy authentication mechanism, the security that further improves internet bank trade.
Summary of the invention
The present invention is intended to avoid system software by illegal replacement; The invalid data that sends is received and misses the risk of confirming by misconnection; A kind of two-way authentication between the important procedure and system equipment in the software systems of before transaction, carrying out is provided; System equipment just can operate as normal after confirming the legitimacy of software systems, stops " wooden horse " program personation legal procedure unauthorized access equipment or steals and distort user's input data.
For the technical scheme that reaches goal of the invention the present invention employing is:
The method that a kind of software that device systems is carried carries out the legitimacy authentication; It is characterized in that said device systems is that USBKEY does not have the no soft mode of driving; The software of required checking writes USBKEY when dispatching from the factory; Software is installed in the operating system automatically when using USBKEY first, and the software of USBKEY and required checking is shared key or shared fingerprint algorithm and random number and obscured/separate and obscure algorithm, before the user concludes the business, carries out the legitimate verification of following steps; If legitimacy can not be passed through, then refusal transaction; Legitimate verification continues flow through under the situation;
Said authentication method may further comprise the steps:
(1) user imports the trade confirmation fingerprint;
(2) USBKEY carries out fingerprint recognition, obtains finger print data, and obtains fingerprint characteristic value 1 with the fingerprint algorithm computing;
(3) USBKEY produces a random number, and obscures the encryption finger print data with random number, sends system software to;
(4) system software is obscured algorithm and is solved finger print data to separate accordingly, and obtains fingerprint characteristic value 2 with the fingerprint algorithm operation;
(5) system software sends eigenwert 2 to USBKEY;
(6) two eigenwerts are compared in USBKEY, successful then legitimacy integral component is passed through, and the legitimacy of failing is not then passed through.
Further, the inventive method also comprises is carried out authentication to whether the software binary code distorts, and promptly adopts following steps:
A.USBKEY produces a random number;
B. according to the value of random number, find the corresponding position of random number as reference position, get one section binary code the software of depositing among the USBKEY;
C. code is carried out the Hash computing, obtain hash value 1;
D.USBKEY in system's install software, finds the corresponding position of random number according to the numerical value of random number, as reference position, gets same one section binary code;
E. obtain hash value 2 with same hash algorithm computing;
F. the hash value 2 that computing is obtained sends USBKEY to;
G. in USBKEY, two hash values are compared, successful then integral component legitimate verification passes through, and failing then, legitimate verification does not pass through.
The present invention also can comprise step: when system thinks that this software is by illegal replacement, system will shield the transaction data of this software executing, transaction is closed, and the prompting user.
For ease of the renewal of software, the inventive method is accepted the more new element of this software of far-end control carrying out through network after judging that software is legal software.
Compare prior art; Beneficial effect of the present invention is the method for carrying out the legitimacy authentication through to the signature authentication program that is used for internet bank trade (or claiming assembly) and device systems; Solve safely on the net in the middle of the process of exchange; Because system software is by illegal replacement, the invalid data of transmission is received and misses the risk of confirming by misconnection.This mechanism is based on the thought of " credible equipment "; Before transaction, carry out the two-way authentication between the significant components and system equipment in the software systems; System equipment just can operate as normal after confirming the legitimacy of software systems, stops " wooden horse " program personation legal procedure unauthorized access equipment or steals and distort user's input data.
Description of drawings
Fig. 1 is the flow process according to the software authentication method that one embodiment of the invention illustrated.
Fig. 2 is the flow process of the software authentication method that illustrates according to the second embodiment of the present invention.
Embodiment
Come the present invention is further specified below in conjunction with specific embodiment, but do not limit the invention to these embodiments.One skilled in the art would recognize that the present invention contained in claims scope all alternativess, improvement project and the equivalents that possibly comprise.
When dispatching from the factory; Device interior promptly has the software (or assembly) that is used for the internet bank trade signature authentication; Utilize the binding of software (or assembly) and equipment; Use the method for sharing key, system software is done the authentication of legitimacy when using, thereby guarantee that the data that equipment receives come from legal system software.
At first, equipment is when dispatching from the factory, and system software has been stored in the middle of the secure memory space of equipment; And system software has the fingerprint algorithm of sharing with equipment and obscures key; All content shared all can be carried in software installation or moving process, still, and because of USBKey equipment has secure memory space; The binary code of system software is when writing the space; Its start address that writes, data space all can't read from the outside, thus its data structure can't directly be read by the third party, to protect its privacy;
When being used first, system software is installed in the middle of the operating system automatically,
Said authentication method may further comprise the steps:
(1) user imports the trade confirmation fingerprint;
(2) USBKEY carries out fingerprint recognition, obtains finger print data, and obtains fingerprint characteristic value 1 with the fingerprint algorithm computing;
(3) USBKEY produces a random number, and obscures the encryption finger print data with random number, sends system software to;
(4) system software is obscured algorithm and is solved finger print data to separate accordingly, and obtains fingerprint characteristic value 2 with the fingerprint algorithm operation;
(5) system software sends eigenwert 2 to USBKEY;
(6) two eigenwerts are compared in USBKEY, successful then legitimacy integral component is passed through, and the legitimacy of failing is not then passed through.
For further improving validity and the security of differentiating legal software, the present invention also adopts binary code to carry out hash value comparison method, and its verification process is as shown in Figure 2:
A.USBKEY produces a random number;
B. according to the value of random number,, find the corresponding position of random number, get one section binary code (for example 32) as reference position to the integral component of depositing among the USBKEY;
C. code is carried out the Hash computing, obtain hash value 1;
D.USBKEY in system software, finds the corresponding position of random number according to the numerical value of random number, as reference position, gets same one section binary code, as 32;
E. obtain hash value 2 with same hash algorithm computing;
F. the hash value 2 that computing is obtained sends USBKEY to;
G. in USBKEY, two hash values are compared, successful then software legitimate verification passes through, and failing then, legitimate verification does not pass through.
For the integral component that legitimacy is not passed through by authentication, this integral component is thought by illegal replacement by system, and system will shield the transaction data that this integral component sends, transaction is closed, and the prompting user.
Claims (4)
1. method that the software that device systems is carried carries out the legitimacy authentication; It is characterized in that said device systems is that USBKEY does not have the no soft mode of driving; The software of required checking writes USBKEY when dispatching from the factory; Software is installed in the operating system automatically when using USBKEY first, and the software of USBKEY and required checking is shared key or shared fingerprint algorithm and random number and obscured/separate and obscure algorithm, before the user concludes the business, carries out the legitimate verification of following steps; If legitimacy can not be passed through, then refusal transaction; Legitimate verification continues flow through under the situation;
Said authentication method may further comprise the steps:
(1) user imports the trade confirmation fingerprint;
(2) USBKEY carries out fingerprint recognition, obtains finger print data, and obtains fingerprint characteristic value 1 with the fingerprint algorithm computing;
(3) USBKEY produces a random number, and obscures the encryption finger print data with random number, sends system software to;
(4) system software is obscured algorithm and is solved finger print data to separate accordingly, and obtains fingerprint characteristic value 2 with the fingerprint algorithm operation;
(5) system software sends eigenwert 2 to USBKEY;
(6) two eigenwerts are compared in USBKEY, successful then legitimacy integral component is passed through, and the legitimacy of failing is not then passed through.
2. the method that the software that device systems is carried as claimed in claim 1 carries out the legitimacy authentication is characterized in that also comprising whether the software binary code distorted and carries out authentication, promptly adopts following steps:
A.USBKEY produces a random number;
B. according to the value of random number, find the corresponding position of random number as reference position, get one section binary code the software of depositing among the USBKEY;
C. code is carried out the Hash computing, obtain hash value 1;
D.USBKEY in system's install software, finds the corresponding position of random number according to the numerical value of random number, as reference position, gets same one section binary code;
E. obtain hash value 2 with same hash algorithm computing;
F. the hash value 2 that computing is obtained sends USBKEY to;
G. in USBKEY, two hash values are compared, successful then integral component legitimate verification passes through, and failing then, legitimate verification does not pass through.
3. according to claim 1 or claim 2 the software that device systems the is carried method of carrying out the legitimacy authentication; It is characterized in that also comprising when system thinks that this software is by illegal replacement; System will shield the transaction data of this software executing, transaction closed, and the prompting user.
4. the method that the software that device systems is carried as claimed in claim 3 carries out the legitimacy authentication is characterized in that also comprising that system thinks that this software is legal software, accepts the more new element of this software of far-end control carrying out through network.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910153017XA CN101661599B (en) | 2009-09-25 | 2009-09-25 | Method for authenticating validity of self-contained software of equipment system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910153017XA CN101661599B (en) | 2009-09-25 | 2009-09-25 | Method for authenticating validity of self-contained software of equipment system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101661599A CN101661599A (en) | 2010-03-03 |
| CN101661599B true CN101661599B (en) | 2012-08-22 |
Family
ID=41789604
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200910153017XA Expired - Fee Related CN101661599B (en) | 2009-09-25 | 2009-09-25 | Method for authenticating validity of self-contained software of equipment system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101661599B (en) |
Families Citing this family (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102185694A (en) * | 2010-12-21 | 2011-09-14 | 常熟理工学院 | Electronic file encrypting method and system based on fingerprint information |
| CN103488944A (en) * | 2013-09-12 | 2014-01-01 | 深圳市文鼎创数据科技有限公司 | Application program safety control method and application program safety control system |
| CN103473498B (en) * | 2013-09-12 | 2016-03-23 | 深圳市文鼎创数据科技有限公司 | Application security verification method and terminal |
| CN103475661B (en) * | 2013-09-12 | 2016-08-24 | 深圳市文鼎创数据科技有限公司 | The safe acquisition methods of authentication procedure and system |
| CN104065487A (en) * | 2014-07-08 | 2014-09-24 | 华南理工大学 | Random secret value IBC identity authentication method based on digital fingerprint |
| CN106330448B (en) * | 2015-06-30 | 2020-03-10 | 华为技术有限公司 | User validity verification method, device and system |
| CN106096443B (en) * | 2016-06-12 | 2018-12-21 | 杨鹏 | A kind of Contract Enforcement method and system based on Biont information |
| CN106096444B (en) * | 2016-06-12 | 2019-05-14 | 杨鹏 | A kind of identification based on biological information and social information's recording method and system |
| CN107979579B (en) * | 2016-10-25 | 2020-06-02 | 航天信息股份有限公司 | Security authentication method and security authentication equipment |
| EP3319000A1 (en) * | 2016-11-02 | 2018-05-09 | Skeyecode | Method for securing a transaction performed from a non-secure terminal |
| CN106789096A (en) * | 2017-03-30 | 2017-05-31 | 山东超越数控电子有限公司 | A kind of biological characteristic cipher authentication method and device |
| CN109388931A (en) * | 2018-09-12 | 2019-02-26 | 航天信息股份有限公司 | The distributing method and device of method for protecting software, USBKEY equipment based on USBKEY equipment |
| CN111222119A (en) * | 2019-12-27 | 2020-06-02 | 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) | Dump analysis terminal and safe dump analysis method for locomotive operation data |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101064610A (en) * | 2007-05-25 | 2007-10-31 | 四川长虹电器股份有限公司 | Identity authentication process |
| CN101236496A (en) * | 2007-01-29 | 2008-08-06 | 展讯通信(上海)有限公司 | Software consistency detector methods and apparatus |
-
2009
- 2009-09-25 CN CN200910153017XA patent/CN101661599B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101236496A (en) * | 2007-01-29 | 2008-08-06 | 展讯通信(上海)有限公司 | Software consistency detector methods and apparatus |
| CN101064610A (en) * | 2007-05-25 | 2007-10-31 | 四川长虹电器股份有限公司 | Identity authentication process |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101661599A (en) | 2010-03-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101661599B (en) | Method for authenticating validity of self-contained software of equipment system | |
| CN101662469B (en) | Method and system based on USBKey online banking trade information authentication | |
| US9525690B2 (en) | Securely integrating third-party applications with banking systems | |
| CN102880960B (en) | Based on the payment by using short messages method and system of fingerprint recognition mobile phone | |
| CN109412812B (en) | Data security processing system, method, device and storage medium | |
| CN101334884B (en) | Improve the method and system of account transfer safety | |
| US20120278614A1 (en) | User authentication system, user authentication apparatus, smart card, and user authentication method for ubiquitous authentication management | |
| CN112232814B (en) | Encryption and decryption methods of payment key, payment authentication method and terminal equipment | |
| CN202854880U (en) | SMS payment system based on fingerprint identification mobile phone | |
| CN1529856A (en) | Internet third-pard authentication using electronic ticket | |
| TWM623435U (en) | System for verifying client identity and transaction services using multiple security levels | |
| US9734346B2 (en) | Device and method for providing security in remote digital forensic environment | |
| CN104283686A (en) | Digital right management method and system | |
| CN103051618A (en) | Terminal authentication equipment and network authentication method | |
| KR101498120B1 (en) | Digital certificate system for cloud-computing environment and method thereof | |
| KR101856530B1 (en) | Encryption system providing user cognition-based encryption protocol and method for processing on-line settlement, security apparatus and transaction approval server using thereof | |
| CN106921501A (en) | A kind of intelligent cipher signature identity differentiates authentication method and system | |
| KR102053993B1 (en) | Method for Authenticating by using Certificate | |
| Nosrati et al. | Security assessment of mobile-banking | |
| KR101360843B1 (en) | Next Generation Financial System | |
| Kiljan et al. | What you enter is what you sign: Input integrity in an online banking environment | |
| KR20100114796A (en) | Method of controlling financial transaction by financial transaction device and computing device | |
| KR20080042582A (en) | System and method for protecting a user device using a token device | |
| Athidass et al. | Security issues in mobile banking | |
| TWI828001B (en) | System for using multiple security levels to verify customer identity and transaction services and method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120822 Termination date: 20120925 |