CN102065148A - Memory system access authorizing method based on communication network - Google Patents

Publication number: CN102065148A
Application number: CN2011100047165A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 张启晨, 郑有为, 丁贤根, 何慈康
Current assignee: JIANGSU HUALI NETWORK ENGINEERING Co Ltd; INFINITRUM CO Ltd
Original assignee: JIANGSU HUALI NETWORK ENGINEERING Co Ltd; INFINITRUM CO Ltd
Application filed by: JIANGSU HUALI NETWORK ENGINEERING Co Ltd, INFINITRUM CO Ltd
Priority to: CN2011100047165A

Abstract

The invention relates to a memory system access authorizing method based on a communication network. It uses a communication device, an authorized computer and an authorization server as a replacement for, or supplement to, conventional authorization techniques. The device that sends the authorization request code and receives the authorization code is authenticated by the authorization system and isolated from the authorized computer; the authorization request code and the authorization code are transferred as ciphertext over a communication technology that is independent of the authorized computer system; the access authorization process uses multi-factor identity authentication; and the authorization request code and the authorization code are valid only for a limited time. Compared with the conventional password authorization mechanism, the authorized computer does not need to be connected to any communication network, and the authorization code is generated at authorization time and has a limited life cycle, which avoids the risk brought by leakage of the authorization code. Compared with the conventional file-key authorization mechanism, the invention avoids the inconvenience of an authorization device being lost, damaged or not carried. It is therefore sufficiently secure while remaining convenient and flexible.

Description

Storage system access authorization method based on a communication network
Technical field
The present invention relates to the field of information security, in particular to an authorization method, and specifically to a storage system access authorization method based on a communication network.
Background technology
Besides using firewalls and anti-virus products to resist outside threats, the information systems of modern enterprises also rely on data encryption as a main tool for protecting enterprise information assets. A data encryption solution can protect the data on the storage systems of devices such as notebook computers, workstations and servers. Without authorization, the storage system remains in an encrypted, protected state, and its data cannot be accessed even when it is connected to a network or to another device. On a computer that uses storage system data encryption, all data on the storage system is protected, and the risk of confidential data leaking is greatly reduced.
Every storage system security product needs a key to encrypt the data in the storage system. Common storage system data encryption technologies usually adopt one of two access authorization methods: file-based authorization and password-based authorization.
In file-based authorization, a certain file is used as the seed of the key file when the storage system is encrypted; without this file, or the medium that stores it (such as a USB storage device or smart card), the file system encryption cannot be removed. In password-based authorization, the file system encryption is removed after the correct authorization password is entered. Of these two existing methods, the first relies on an authorization device that is independent of the authorized terminal system (such as a smart card or USB storage device that stores the key file); if that device is lost, damaged or not carried, authorization fails, which may affect normal business activities or staff working remotely while travelling. The password method is not restricted by a decryption authorization device in use, but passwords need regular replacement and standardized management, and a leaked password may threaten the security of enterprise information assets.
It follows that, in existing authorization methods, the management and use of the file key or password has always been a weak link in information security protection. Therefore, while protecting enterprise information assets, data encryption technology also needs to provide users with a secure and convenient way of authorizing, so as to reduce the risk of password leakage caused by users browsing the web or by social communication.
Summary of the invention
In view of the above problems, the applicant has carried out research and improvement and provides a storage system access authorization method based on a communication network. It uses a communication device, an authorized computer and an authorization server as a replacement for passwords and authorization devices, or as a supplement to existing authorization devices, so as to ensure the security of the authorization mechanism while maximizing convenience of use.
The technical solution of the present invention is as follows (revised according to the claims):
A storage system access authorization method based on a communication network, in which the authorized computer and the authorization server are isolated from each other with respect to the internet and a third-party device is placed between them. The third-party device serves as the intermediate device that sends the authorization request code and receives the authorization code; over a communication network that is independent of the internet, it carries out the information exchange of the request authorization process and the receive authorization process with the authorized computer and the authorization server.
A further technical solution is: the method comprises a request authorization process and a receive authorization process, with the following specific steps:
The request authorization process carries out the following steps in order:
1) the authorization request code generator is run on the authorized user-side device;
2) the authorization request code generator verifies the legitimacy of the user's identity according to the identity password entered by the user; if the identity password verification shows that the user does not match the identity of a user who may request authorization, the authorization process terminates;
3) the authorization request code generator generates the authorization request code;
4) the authorization request code is passed to the communication device by a short-range transmission technology or entered by the user;
5) the communication device on the authorized user side sends the authorization request code to the authorization server over the communication network;
6) the authorization server-side device receives the authorization request code sent by the communication device;
7) the authorization server-side device verifies the legitimacy of the communication device that sent the authorization request code; if the verification shows that the communication device is not legitimate, the authorization process terminates;
8) the authorization server verifies the legitimacy of the authorization request code; if the verification shows that the authorization request code is not legitimate, the authorization process terminates;
9) after the authorization request code passes verification, the authorization server generates an authorization code according to the authorization request code;
10) the authorization server-side device sends the authorization code to the communication device on the authorized user side that sent the corresponding request;
The receive authorization process carries out the following steps in order:
11) the communication device on the authorized user side receives the authorization code sent by the authorization server;
12) the authorization code is passed to the authorized user side by a short-range transmission technology or entered by the user;
13) the authorized user side verifies the legitimacy of the authorization code;
14) if the authorization code is verified successfully, the user obtains permission to access the storage system connected to the authorized user-side device;
15) if the verification shows that the authorization code is not legitimate, authorization fails.
A further technical solution is: after step 10) the method also comprises step 10′): the authorization server records this access request.
A further technical solution is: when step 3 and step 9 generate the authorization request code and the authorization code, the hardware device features of the authorized terminal, the user identity information and the current time are all used as input variables of the generation algorithm.
A further technical solution is: the authorization request code and the authorization code generated in step 3 and step 9 correspond one to one; each has a validity period and is valid only within that period. If no authorization code has been received within the validity period after the authorization request code is generated, the authorization request code lapses automatically on timeout; if the authorization code is not entered into the authorized terminal within the validity period after it is generated, the authorization code likewise lapses automatically on timeout.
A further technical solution is: when step 8 and step 13 verify the authorization request code and the authorization code, a multi-factor authentication process is used: the user's identity, the hardware features of the authorized device, and the hardware features of the communication device that sends the authorization request code and receives the authorization code must all pass verification.
A further technical solution is: when step 8 and step 13 verify the authorization request code and the authorization code, the authorization request code and the authorization code must also be checked for timeout.
A further technical solution is: the communication device that sends the authorization request code and receives the authorization code is independent of the authorized terminal, and the communication network used to send and receive the authorization request code and the authorization code is also independent of the authorized terminal.
A further technical solution is: the communication device that sends the authorization request code and receives the authorization code is a device registered in the authorization server system; in step 7 the authorization server verifies that the communication device is consistent with the device registration information in the authorization server system, and if the received authorization request comes from a device that is not registered in the authorization server system, the authorization process terminates.
A further technical solution is: the authorization request code and the authorization code are transmitted as encrypted ciphertext; encryption of the authorization request code and decryption of the authorization code are performed by the authorized user-side device, and decryption of the authorization request code and encryption of the authorization code are performed by the authorization server-side device.
The beneficial technical effects of the present invention are:
The authorization method of the present invention uses a communication device, an authorized computer and an authorization server as a replacement for, or supplement to, existing authorization techniques. The device that sends the authorization request code and receives the authorization code is authenticated by the authorization system and isolated from the authorized computer; the authorization request code and the authorization code are transmitted as ciphertext over an independent communication technology; the access authorization process requires multi-factor authentication; and the authorization request code and the authorization code are valid only for a limited time. Compared with the existing password authorization mechanism, the authorized computer does not need to be connected to the Internet, and the authorization code is generated at authorization time and has a limited life cycle, which avoids the risk brought by password leakage. Compared with the existing file-key authorization mechanism, it avoids the inconvenience of the authorization device being lost, damaged or not carried. The present invention is therefore sufficiently secure while also being convenient and flexible.
Description of the drawings
Fig. 1 is a schematic diagram of the component modules of the present invention.
Fig. 2 is a flow chart of the request authorization process of the present invention.
Fig. 3 is a flow chart of the receive authorization process of the present invention.
Reference numerals in Fig. 1: 10. the authorized terminal whose storage system is waiting to be accessed, and the authorization request code generator and authorization code verification program running on it; 101. decrypted authorization password; 102. unencrypted authorization request code; 103. short-range transmission technology (such as Bluetooth), or user input; 11. communication device; 111. encrypted authorization code; 112. encrypted authorization request code; 113. mobile communication network or other telecommunication technology; 12. authorization request code receiving and authorization code sending device; 13. authorization server and authorization code generator; 131. unencrypted authorization code generated by the authorization server; 132. authorization request code obtained by decryption at the authorization server.
Embodiment
The specific embodiments of the present invention are further described below with reference to the drawings.
As shown in Fig. 1, the access authorization system of the present invention consists of the following parts working together; the function of each part is as follows:
1. The authorized terminal whose storage system is waiting to be accessed (such as a PC or notebook computer), together with the authorization request code generator and authorization code verification program 10 running on it.
When requesting authorization, it generates the authorization request code 102 from data parameters such as the hardware feature code of the terminal it runs on and the system time (the user password may also be included), and passes the authorization request code to the communication device 11 through the short-range transmission technology 103 (or through an input device such as the keypad of the communication device). When accepting authorization, it verifies the authorization code 101 that is entered by the user or received from the communication device 11 through the short-range transmission technology 103 (such as Bluetooth).
2. The communication device 11, registered in the authorization system, that is used to send the authorization request code and receive the authorization code.
When requesting authorization, the communication device 11 (usually a mobile phone, but it may also be an ordinary telephone registered in the authorization system) receives, through the short-range transmission technology 103 (or through an input device such as its keypad), the unencrypted authorization request code 102 generated by the authorized terminal 10. Encryption software running on the communication device then produces the encrypted authorization request code 112 (if an ordinary telephone registered in the authorization system is used as the communication device, the encryption of the authorization request code can be performed by the authorized terminal), which is sent over the mobile communication network or other telecommunication technology 113 (such as a GSM/CDMA wireless communication network) to the authorization request code receiving device 12 at the authorization server side. When accepting authorization, the communication device receives the encrypted authorization password 111 over the mobile communication network or telecommunication technology 113 and decrypts it with decryption software running on the communication device (if an ordinary telephone registered in the authorization system is used as the communication device, the decryption of the authorization code can be performed by the authorized terminal).
3. The authorization request code receiving and authorization code sending device 12.
It receives the encrypted authorization request code 112 over the mobile communication network or telecommunication technology 113 and passes it to the authorization server 13; after the authorization code is generated, it sends the encrypted authorization code 111 over the mobile communication network or telecommunication technology 113 to the communication device 11 that receives the authorization code.
4. The authorization server and the authorization code generator 13, which runs on the authorization server side and is based on the authorization request code.
When the authorized terminal requests authorization, the authorization server decrypts the encrypted authorization request code 112. Then, on the basis of verifying the legitimacy of the decrypted authorization request code 132, it generates the unencrypted authorization code 131 from the authorization request code and related parameters, encrypts it, and passes it to the authorization code sending device 12.
Based on the above access authorization system, the present invention forms the following request authorization process and receive authorization process:
Fig. 2 shows the flow chart of the request authorization process, which is as follows:
1) The user runs the authorization request code generator on the authorized terminal that is fitted with the storage system (or an external storage system, such as a USB flash disk) (step 201).
2) The authorization request code generator verifies the legitimacy of the user's identity according to the identity password entered by the user. If the verification shows that the user does not match the identity of a user who may request authorization, the authorization process terminates (step 202).
3) The authorization request code generator generates the authorization request code from parameters such as the hardware feature serial number of the terminal, the current time and the date. Each generated authorization request code has a certain life cycle; if no authorization code has been received within a certain time after the authorization request code is generated, the authorization request code lapses automatically on timeout (step 203).
4) The authorization request code is passed to the mobile communication device by a short-range transmission technology (such as Bluetooth) or entered by the user (step 204).
5) Software running on the mobile communication device encrypts the authorization request code and sends it to the authorization server over the communication network (step 205).
6) The authorization server receives the authorization request code sent by the mobile communication device (step 206).
7) The authorization server verifies the legitimacy of the mobile communication device that sent the authorization request code. If the received authorization request comes from a device that is not registered in the authorization system, the authorization process terminates (step 207).
8) The decryption device at the authorization server side decrypts the authorization request code (step 208).
9) The authorization server checks the legitimacy of the authorization request code according to parameters such as the current time and the identity of the user requesting authorization. Because the authorization request code has a certain life cycle, the authorization server terminates the authorization process if the authorization request code has timed out; if the check shows that the authorization request code is not legitimate (for example, it does not match the identity of the user requesting authorization, it does not match the features of the hardware authorized for access, or the authorization request is forged), the authorization process also terminates (step 209).
10) After the authorization request code passes verification, the authorization server generates an authorization code according to the authorization request code (step 210).
11) The encryption device at the authorization server side encrypts the authorization code and sends it to the mobile communication device that sent the corresponding request (step 211 in the figure).
12) The authorization server records this access request (step 212). This step is optional.

Fig. 3 shows the flow chart of the receive authorization process, which is as follows:
1) The mobile communication device receives the encrypted authorization code sent by the authorization server (step 301).
2) The mobile communication device runs its decryption software to decrypt the authorization code (step 302).
3) The authorization code is passed to the authorized device by a short-range transmission technology (such as Bluetooth wireless transmission) or entered by the user (step 303).
4) The authorized terminal checks the legitimacy of the authorization code according to the current time and the information contained in the authorization code (step 304).
5) If the authorization code is verified successfully, the user obtains permission to access the storage system connected to the authorized terminal (step 305).
6) The authorization code has a certain life cycle; if the received authorization code has timed out, authorization fails. If the verification result shows that the authorization code is not legitimate, authorization also fails (step 306).
The flows of Fig. 2 and Fig. 3 describe authorization with a mobile communication device as the communication device. If an ordinary telephone registered in the authorization system is used as the communication device, the encryption of the authorization request code and the decryption of the authorization code are performed by the authorized terminal.
The above is only a preferred embodiment of the present invention, and the invention is not limited to the above embodiment. It is to be understood that other improvements and variations that those skilled in the art directly derive or conceive without departing from the spirit and concept of the present invention shall all be considered to fall within the scope of protection of the present invention.
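The following is an added example, not part of the patent text, of how the request authorization process of Fig. 2 and the receive authorization process of Fig. 3 can bind user identity, terminal hardware, registered communication device and time into short-lived, one-to-one codes. The patent names no algorithm: HMAC-SHA256, the colon-separated field layout, the two validity periods, the key shared at enrolment and all class and function names are assumptions, and the transport encryption and the local identity-password check of step 2 are left out.

```python
"""Added example, not from the patent: the code exchange of Figs. 2 and 3.
HMAC-SHA256, field layout, validity periods and all names are assumptions."""
import hashlib
import hmac
import secrets

REQUEST_TTL = 300  # seconds a request code stays valid (assumed value)
AUTH_TTL = 120     # seconds an authorization code stays valid (assumed value)


class AuthError(Exception):
    """Raised whenever the authorization process has to stop."""


def _tag(key: bytes, *fields: str) -> str:
    # Keyed MAC, truncated to 64 bits so the code can still be typed by hand.
    msg = "\x00".join(fields).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def _same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare


class Terminal:
    """Offline authorized terminal: request code generator plus verifier."""

    def __init__(self, hw_id: str, user_id: str, key: bytes):
        self.hw_id, self.user_id, self.key = hw_id, user_id, key
        self.pending = None  # (request_code, issued_at) awaiting an answer

    def make_request_code(self, now: int) -> str:
        # Fig. 2 step 3: user identity, hardware feature and time are inputs.
        body = f"{self.user_id}:{self.hw_id}:{now}:{secrets.token_hex(4)}"
        code = f"{body}:{_tag(self.key, 'req', body)}"
        self.pending = (code, now)
        return code

    def verify_authorization_code(self, auth_code: str, now: int) -> bool:
        # Fig. 3 steps 4-6: check both lifetimes, then the binding to our request.
        if self.pending is None:
            raise AuthError("no outstanding request")
        request_code, requested_at = self.pending
        try:
            issued_s, tag = auth_code.split(":")
            issued = int(issued_s)
        except ValueError:
            raise AuthError("malformed authorization code") from None
        if now - requested_at > REQUEST_TTL:
            self.pending = None
            raise AuthError("request code expired")
        if not 0 <= now - issued <= AUTH_TTL:
            raise AuthError("authorization code expired")
        if not _same(tag, _tag(self.key, "auth", request_code, str(issued))):
            raise AuthError("authorization code invalid")
        self.pending = None  # one request code, one authorization code
        return True


class AuthorizationServer:
    def __init__(self, terminals: dict, phones: dict):
        self.terminals = terminals  # hw_id -> (user_id, key), set at enrolment
        self.phones = phones        # registered sender -> user_id
        self.used = set()           # request codes already answered
        self.log = []               # optional access record (Fig. 2 step 12)

    def authorize(self, sender: str, request_code: str, now: int) -> str:
        owner = self.phones.get(sender)
        if owner is None:  # Fig. 2 step 7: sender must be a registered device
            raise AuthError("unregistered communication device")
        try:
            user_id, hw_id, issued_s, _nonce, tag = request_code.split(":")
            issued = int(issued_s)
        except ValueError:
            raise AuthError("malformed request code") from None
        entry = self.terminals.get(hw_id)
        # Fig. 2 step 9: user, terminal hardware and phone must all agree.
        if entry is None or entry[0] != user_id or owner != user_id:
            raise AuthError("user, terminal and phone do not match")
        key = entry[1]
        body = request_code.rsplit(":", 1)[0]
        if not _same(tag, _tag(key, "req", body)):
            raise AuthError("forged request code")
        if not 0 <= now - issued <= REQUEST_TTL:
            raise AuthError("request code expired")
        if request_code in self.used:
            raise AuthError("request code already used")
        self.used.add(request_code)
        self.log.append((now, sender, user_id, hw_id))
        return f"{now}:{_tag(key, 'auth', request_code, str(now))}"


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample enrolment key
    pc = Terminal("HW-7F3A", "alice", key)
    srv = AuthorizationServer({"HW-7F3A": ("alice", key)}, {"PHONE-A": "alice"})
    auth = srv.authorize("PHONE-A", pc.make_request_code(1000), 1030)
    print(auth, pc.verify_authorization_code(auth, 1060))
```

Because the terminal stays offline, this sketch depends on roughly synchronized clocks and on a key provisioned to both sides at enrolment; the patent does not say how either is arranged.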

Claims (10)

1. A storage system access authorization method based on a communication network, characterized in that: the authorized computer and the authorization server are isolated from each other with respect to the internet, and a third-party device is placed between them; the third-party device serves as the intermediate device that sends the authorization request code and receives the authorization code, and, over a communication network that is independent of the internet, it carries out the information exchange of the request authorization process and the receive authorization process with the authorized computer and the authorization server.
2. The storage system access authorization method based on a communication network according to claim 1, characterized by comprising a request authorization process and a receive authorization process, with the following specific steps:
The request authorization process carries out the following steps in order:
1) the authorization request code generator is run on the authorized user-side device;
2) the authorization request code generator verifies the legitimacy of the user's identity according to the identity password entered by the user; if the identity password verification shows that the user does not match the identity of a user who may request authorization, the authorization process terminates;
3) the authorization request code generator generates the authorization request code;
4) the authorization request code is passed to the communication device by a short-range transmission technology or entered by the user;
5) the communication device on the authorized user side sends the authorization request code to the authorization server over the communication network;
6) the authorization server-side device receives the authorization request code sent by the communication device;
7) the authorization server-side device verifies the legitimacy of the communication device that sent the authorization request code; if the verification shows that the communication device is not legitimate, the authorization process terminates;
8) the authorization server verifies the legitimacy of the authorization request code; if the verification shows that the authorization request code is not legitimate, the authorization process terminates;
9) after the authorization request code passes verification, the authorization server generates an authorization code according to the authorization request code;
10) the authorization server-side device sends the authorization code to the communication device on the authorized user side that sent the corresponding request;
The receive authorization process carries out the following steps in order:
11) the communication device on the authorized user side receives the authorization code sent by the authorization server;
12) the authorization code is passed to the authorized user side by a short-range transmission technology or entered by the user;
13) the authorized user side verifies the legitimacy of the authorization code;
14) if the authorization code is verified successfully, the user obtains permission to access the storage system connected to the authorized user-side device;
15) if the verification shows that the authorization code is not legitimate, authorization fails.
3. according to the described storage system access authorization methods of claim 2, it is characterized in that also comprising the steps: 10 ' after the described step 10 based on communication network) authorization server record this visit request.
4. according to claim 2 or 3 described storage system access authorization methods based on communication network, it is characterized in that described step 3 and step 9 generate in the process of authorization requests sign indicating number and authorization code, the hardware device features, subscriber identity information and the current time that are authorized to terminal all will be as the input variables of generating algorithm.
5. according to claim 2 or 3 described storage system access authorization methods based on communication network, it is characterized in that authorization requests sign indicating number and authorization code that described step 3 and step 9 generate are one to one, all have for one effective period, only effective in time effective period; Also do not receive authorization code after the authorization requests sign indicating number generates in time effective period, then this authorization requests sign indicating number will be because of overtime automatic calcellation; Be not input in time effective period after authorization code generates and be authorized to terminal, then this authorization code also will be because of overtime automatic calcellation.
6. The storage system access authorization method based on a communication network according to claim 2 or 3, characterized in that a multi-factor authentication process is adopted when the authorization request code and the authorization code are verified in step 8 and step 13: the user's identity, the hardware characteristics of the authorized equipment, and the hardware characteristics of the communication equipment that sends the authorization request code and receives the authorization code must all pass verification.
7. The storage system access authorization method based on a communication network according to claim 2 or 3, characterized in that, when the authorization request code and the authorization code are verified in step 8 and step 13, the authorization request code and the authorization code are checked for whether they have timed out.
8. The storage system access authorization method based on a communication network according to claim 2 or 3, characterized in that the communication equipment that sends the authorization request code and receives the authorization code is independent of the authorized terminal, and the communication network used to send and receive the authorization request code and the authorization code is also independent of the authorized terminal.
9. The storage system access authorization method based on a communication network according to claim 2 or 3, characterized in that the communication equipment that sends the authorization request code and receives the authorization code is equipment registered in the authorization server system; in step 7 the authorization server verifies that the communication equipment is consistent with the device registration information in the authorization server system, and if the received authorization request comes from equipment not registered in the authorization server system, the authorization process terminates.
10. The storage system access authorization method based on a communication network according to claim 2 or 3, characterized in that the authorization request code and the authorization code are transmitted as encrypted ciphertext; the encryption of the authorization request code and the decryption of the authorization code are performed by the authorized user-end equipment, and the decryption of the authorization request code and the encryption of the authorization code are performed by the authorization-server-end equipment.
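The checks in claims 6, 7 and 9 can be read as one server-side decision sequence; the following is an added illustration, not code from the patent. All names, the registry contents and the lifetimes are assumptions, and the codes are authenticated with HMAC-SHA256 here instead of being carried as ciphertext as claim 10 requires.

```python
import hashlib
import hmac

REQUEST_TTL = 120  # assumed lifetime of a request code, in seconds
AUTH_TTL = 60      # assumed lifetime of an authorization code, in seconds
# Constructed enrolment data held by the authorization server.
REGISTERED_PHONES = {"phone-hw-01": "alice"}        # communication device -> user
AUTHORIZED_TERMINALS = {"alice": "terminal-hw-77"}  # user -> authorized equipment
SHARED_KEYS = {"terminal-hw-77": b"constructed-demo-key"}


def _mac(key, *fields):
    msg = "|".join(str(f) for f in fields).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_request_code(user, terminal_hw, issued_at, key):
    """Terminal side: request code bound to user, hardware and issue time."""
    return {"user": user, "terminal_hw": terminal_hw, "issued_at": issued_at,
            "mac": _mac(key, "req", user, terminal_hw, issued_at)}


def verify_request(req, sender_hw, now):
    """Server side: return (False, reason) or (True, authorization code)."""
    # Claim 9: a request from an unregistered device ends the process.
    if sender_hw not in REGISTERED_PHONES:
        return False, "unregistered communication device"
    # Claim 6: user identity, terminal hardware and sender hardware must agree.
    if REGISTERED_PHONES[sender_hw] != req["user"]:
        return False, "sender device not bound to this user"
    if AUTHORIZED_TERMINALS.get(req["user"]) != req["terminal_hw"]:
        return False, "terminal hardware mismatch"
    key = SHARED_KEYS[req["terminal_hw"]]
    expected = _mac(key, "req", req["user"], req["terminal_hw"], req["issued_at"])
    if not hmac.compare_digest(expected, req["mac"]):
        return False, "request code integrity failure"
    # Claim 7: the issue time is covered by the MAC, so it can be trusted here.
    if not 0 <= now - req["issued_at"] <= REQUEST_TTL:
        return False, "request code expired"
    expires = now + AUTH_TTL
    return True, {"expires": expires,
                  "mac": _mac(key, "auth", req["user"], req["terminal_hw"], expires)}


def verify_auth_code(code, user, terminal_hw, now, key):
    """Terminal side: accept only a genuine, unexpired authorization code."""
    expected = _mac(key, "auth", user, terminal_hw, code["expires"])
    return hmac.compare_digest(expected, code["mac"]) and now <= code["expires"]
```

Checking the MAC before the timeout matters: an expiry test on an unauthenticated timestamp can be bypassed by rewriting the timestamp.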
CN2011100047165A 2011-01-12 2011-01-12 Memory system access authorizing method based on communication network Pending CN102065148A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100047165A CN102065148A (en) 2011-01-12 2011-01-12 Memory system access authorizing method based on communication network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011100047165A CN102065148A (en) 2011-01-12 2011-01-12 Memory system access authorizing method based on communication network

Publications (1)

Publication Number Publication Date
CN102065148A true CN102065148A (en) 2011-05-18

Family

ID=44000247

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011100047165A Pending CN102065148A (en) 2011-01-12 2011-01-12 Memory system access authorizing method based on communication network

Country Status (1)

Country Link
CN (1) CN102065148A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040107342A1 (en) * 2002-07-22 2004-06-03 Duc Pham Secure network file access control system
CN1741104A (en) * 2005-09-09 2006-03-01 中国工商银行 Long-distance authorizing system and method
CN1964272A (en) * 2005-11-09 2007-05-16 陈宏宪 A method and device to safely exchange computer data
CN101827101A (en) * 2010-04-20 2010-09-08 中国人民解放军理工大学指挥自动化学院 Information asset protection method based on credible isolated operating environment

Cited By (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10956550B2 (en) 2007-09-24 2021-03-23 Apple Inc. Embedded authentication systems in an electronic device
CN103930896A (en) * 2011-09-29 2014-07-16 苹果公司 Indirect authentication
CN107818258A (en) * 2011-09-29 2018-03-20 苹果公司 Indirect certification
US10516997B2 (en) 2011-09-29 2019-12-24 Apple Inc. Authentication with secondary approver
US10419933B2 (en) 2011-09-29 2019-09-17 Apple Inc. Authentication with secondary approver
US10142835B2 (en) 2011-09-29 2018-11-27 Apple Inc. Authentication with secondary approver
CN103268434A (en) * 2013-06-07 2013-08-28 四川九洲电器集团有限责任公司 Embedded type system and remote injection running method thereof
CN104852802B (en) * 2014-02-17 2017-08-25 腾讯科技(深圳)有限公司 Auth method, equipment and system
CN104852802A (en) * 2014-02-17 2015-08-19 腾讯科技(深圳)有限公司 Identity verification method, equipment, and system
US10977651B2 (en) 2014-05-29 2021-04-13 Apple Inc. User interface for payments
US10902424B2 (en) 2014-05-29 2021-01-26 Apple Inc. User interface for payments
CN105915506A (en) * 2015-02-20 2016-08-31 西门子公司 Method And Apparatus For Providing A Safe Operation Of A Subsystem Within A Safety Critical System
CN105117657B (en) * 2015-07-22 2018-04-20 南京邮电大学 A kind of design method and system of the open mandate access based on intelligence s ervice
CN105117657A (en) * 2015-07-22 2015-12-02 南京邮电大学 Smart service based open authorization access design method and system
CN106559384A (en) * 2015-09-25 2017-04-05 阿里巴巴集团控股有限公司 A kind of utilization public number realizes the method and device for logging in
CN105391693A (en) * 2015-10-20 2016-03-09 浪潮软件集团有限公司 Intelligent terminal authorization method and device
US11037150B2 (en) 2016-06-12 2021-06-15 Apple Inc. User interfaces for transactions
CN106685912B (en) * 2016-08-09 2020-06-12 厦门天锐科技股份有限公司 Safety access method of application system
CN106685912A (en) * 2016-08-09 2017-05-17 厦门天锐科技股份有限公司 Secure access method of application system
CN106411848A (en) * 2016-08-30 2017-02-15 深圳市双赢伟业科技股份有限公司 Intelligent medicine getting method and system
CN106330933A (en) * 2016-08-30 2017-01-11 深圳市双赢伟业科技股份有限公司 Intelligent medicine fetching method and system
CN106330933B (en) * 2016-08-30 2019-09-13 深圳市双赢伟业科技股份有限公司 Intelligence takes medicine method and system
US11074572B2 (en) 2016-09-06 2021-07-27 Apple Inc. User interfaces for stored-value accounts
CN110169035A (en) * 2017-01-17 2019-08-23 维萨国际服务协会 Bound secret with protocol characteristic
CN108324284A (en) * 2017-01-20 2018-07-27 华广生技股份有限公司 Physiological parameter monitoring system
US10992795B2 (en) 2017-05-16 2021-04-27 Apple Inc. Methods and interfaces for home media control
US11095766B2 (en) 2017-05-16 2021-08-17 Apple Inc. Methods and interfaces for adjusting an audible signal based on a spatial position of a voice command source
US10410076B2 (en) 2017-09-09 2019-09-10 Apple Inc. Implementation of biometric authentication
US10872256B2 (en) 2017-09-09 2020-12-22 Apple Inc. Implementation of biometric authentication
US10783227B2 (en) 2017-09-09 2020-09-22 Apple Inc. Implementation of biometric authentication
US10521579B2 (en) 2017-09-09 2019-12-31 Apple Inc. Implementation of biometric authentication
US10395128B2 (en) 2017-09-09 2019-08-27 Apple Inc. Implementation of biometric authentication
CN108600218A (en) * 2018-04-23 2018-09-28 捷德(中国)信息科技有限公司 A kind of remote authorization system and remote-authorization method
US11010121B2 (en) 2019-05-31 2021-05-18 Apple Inc. User interfaces for audio media control
US10996917B2 (en) 2019-05-31 2021-05-04 Apple Inc. User interfaces for audio media control
US11100349B2 (en) 2019-06-28 2021-08-24 Apple Inc. Audio assisted enrollment

Similar Documents

Publication Publication Date Title
CN102065148A (en) Memory system access authorizing method based on communication network
CN1913427B (en) System and method for encrypted smart card PIN entry
CN1708942B (en) Secure implementation and utilization of device-specific security data
US8909932B2 (en) Method and apparatus for security over multiple interfaces
CN100410829C (en) Granting an access to a computer-based object
US20060280297A1 (en) Cipher communication system using device authentication keys
US9215070B2 (en) Method for the cryptographic protection of an application
US20170230365A1 (en) Method and system for securing electronic data exchange between an industrial programmable device and a portable programmable device
CN103326862A (en) Electronically signing method and system
CN100561913C (en) A kind of method of access code equipment
Cheng et al. A secure and practical key management mechanism for NFC read-write mode
CN109035519B (en) Biological feature recognition device and method
CN102801730A (en) Information protection method and device for communication and portable devices
CN102647279B (en) Encryption method, encrypted card, terminal equipment and interlocking of phone and card device
CN101140605A (en) Data safety reading method and safety storage apparatus thereof
CN103164661A (en) Device and method used for managing data in terminal
CN102056156B (en) Computer Data Security is downloaded to the method and system of mobile terminal
CN101777097A (en) Monitorable mobile storage device
CN101539978B (en) Software protection method based on space
CN101159542B (en) Method and system for saving and/or obtaining authentication parameter on terminal network appliance
CN1913547B (en) Card distributing user terminer, paying center, and method and system for protecting repaid card data
CN101197822B (en) System for preventing information leakage and method based on the same
CN101902610A (en) Method for realizing secure communication between IPTV set top box and smart card
CN106027473A (en) Identity card reading terminal and cloud authentication platform data transmission method and system
CN108184230B (en) System and method for realizing encryption of soft SIM

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110518