CN102222390B - Multifunctional intelligent key device and working method thereof - Google Patents


Publication number
CN102222390B
Authority
CN
China
Legal status
Active
Application number
CN2011101826528A
Other languages
Chinese (zh)
Other versions
CN102222390A (en
Inventor
陆舟
于华章
Current Assignee
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd

Abstract

The invention discloses a multifunctional intelligent key device and a working method thereof, belonging to the field of information security. The device comprises a USB (universal serial bus) interface module, a judgment module, an analysis module, a signing module, a dynamic password module, an output module, a keying module and a power module. The working method comprises the steps of: after the intelligent key device receives trigger information message released by a host machine, then analyzing the trigger information message to obtain trigger information, judging whether the trigger information contains data to be signed, if so, extracting key information, waiting to receive operation trigger information, and if not, carrying out corresponding operation according to the trigger information; and after the intelligent key device receives the operation trigger information, judging whether the operation trigger information is executable confirmation information, if so, acquiring a dynamic password and processing the dynamic password and the data to be signed, and if not, outputting cancellation prompting information.

Description

Multifunctional intelligent key device and working method thereof
Technical field
The present invention relates to the field of information security, and in particular to a multifunctional intelligent key device and a working method thereof.
Background art
With the ever wider use of the Internet, online banking, also called Internet banking, has become an indispensable part of the overall strategy of financial institutions. In recent years the number of online banking users has increased sharply and continues to grow steadily; while online banking provides convenient services for users, it has also exposed security risks that cannot be ignored.
Banks have taken action against these risks. At present, across the various channels, two approaches are generally used for user identity authentication: one uses a dynamic token as the password-generating device for logging in to online banking and completing data transmission; the other, which is the more widely used, adopts a USB Key as the carrier of a digital certificate for the data transmission operations of online banking.
A dynamic token is a terminal for generating dynamic passwords. A dynamic password is an unpredictable combination of random digits generated by a dedicated algorithm. With dynamic-password authentication, each time the user logs in, the user must enter, in addition to the conventional static password, a dynamic password that changes every time. The USB Key is the client-side solution adopted by most banks: it stores the digital certificate and the user private key that uniquely represent the user's identity. The user's private key is generated inside the high-security USB Key and can never be exported from it.
At present, banks and USB Key manufacturers are all striving for a security device that covers all payment channels, but no device unified in both ease of use and security has been obtained. The dynamic token is easy to use and needs no connection to a computer, but its password is easily peeped at by others or exploited by phishing websites. The USB Key involves a digital certificate in use and so has a certain degree of security, but the encrypted data transmission process may still be tampered with by hackers, leaking user privacy, which is a security risk for online shopping payment.
Summary of the invention
In view of the deficiencies of the prior art, and in order to improve product security and realize multifunctional application, the invention provides an intelligent key device that has both USB Key and dynamic token functions, and a method thereof.
The technical solution adopted by the invention is as follows:
A multifunctional intelligent key device comprises:
A USB interface module, which connects to a host and serves as the data communication interface for receiving or sending data;
A judgment module, used to judge whether a trigger information message issued by the host has been received, to judge whether the trigger information contains data to be signed, to judge whether operation trigger information is received within a predetermined time, and to judge whether the operation trigger information is confirmation information for execution;
A parsing module, used to parse the trigger information message issued by the host to obtain the trigger information, to obtain key information from the data to be signed, and to send the key information and the data to be signed to the dynamic password module;
A second storage module, used to store a key and a digital certificate;
A dynamic password module, comprising a dynamic password generation unit, a first storage unit and an output unit, wherein:
The dynamic password generation unit is used to generate a dynamic password;
The first storage unit is used to store the static factor, the dynamic factor and the generated dynamic password;
The output unit is used to output the generated dynamic password and the key information sent by the parsing module;
A key-press module, used to input operation trigger information, and connected to the judgment module or the dynamic password module;
An acquisition module, used to obtain the dynamic password from the dynamic password generation unit or from the first storage unit;
A signature module, used to process the data to be signed sent by the parsing module together with the obtained dynamic password to obtain a signature result;
A power module, used to power the dynamic password module when the device is offline.
The USB interface module is also used to obtain electric energy from the host to power the device when the device is online.
The dynamic factor is a time factor or a dynamic password generation count value.
The dynamic password generation unit is used to calculate the dynamic password from the dynamic factor and the static factor.
The key-press module is also used to input a challenge value.
The dynamic password generation unit is used to calculate the dynamic password from the dynamic factor, the static factor and the challenge value.
The key-press module comprises a cancel key and a confirm key.
The key-press module further comprises a page-up key and a page-down key.
The signature module adds the obtained dynamic password to the data to be signed to form a signature original text, performs a hash calculation on the signature original text to obtain a hash value and pads it, and encrypts the padded hash value with the key in the first storage module to obtain the signature result.
The signature module performs a hash calculation on the data to be signed to obtain a hash value, combines the hash value with the obtained dynamic password, and encrypts the combined result to obtain the signature result.
The signature module performs a hash calculation on the data to be signed to obtain a hash value, pads the hash value and then encrypts it, and forms the signature result from the encrypted data and the obtained dynamic password.
The multifunctional intelligent key device further comprises a current isolation communication module, used when the device is offline to block the current flowing to the USB interface module, the parsing module, the judgment module, the acquisition module, the second storage module and the signature module.
The output unit is a display screen and/or a voice announcer.
The display screen is a segment-code display screen or a dot-matrix display screen.
The display screen is also used to display the data to be signed, which comprise: an account number and/or an amount and/or a time and/or a place.
The output unit is also used to output confirmation prompt information and/or cancellation prompt information and/or timeout prompt information.
A working method of a multifunctional intelligent key device comprises:
Step A: receive first trigger information;
Step B: judge whether the first trigger information is a trigger information message issued by the host; if so, execute Step C; otherwise generate a dynamic password and display it;
Step C: parse the trigger information message to obtain the trigger information, and judge whether the trigger information contains data to be signed; if so, execute Step D; otherwise perform the corresponding operation according to the trigger information obtained by parsing;
Step D: obtain the key information in the data to be signed and display it;
Step E: judge whether operation trigger information is received within a preset time; if so, judge whether the operation trigger information is confirmation information for execution; if it is confirmation information, obtain a dynamic password and process the obtained dynamic password and the data to be signed to obtain a signature result; if it is not confirmation information, output cancellation prompt information;
If no operation trigger information is received within the preset time, output timeout prompt information.
The first trigger information is information sent by a clock source provided in the device, and generating the dynamic password in Step B is specifically: calculating the dynamic password from the stored time factor and the stored static factor.
The first trigger information is key-press trigger information that contains a challenge value, and generating the dynamic password in Step B is specifically: calculating the dynamic password from the stored time factor, the stored static factor and the challenge value.
The time factor changes according to a preset rule when clock source trigger information is received.
The first trigger information is key-press trigger information, the device stores a dynamic password generation count value, and generating the dynamic password in Step B is specifically: calculating the dynamic password from the stored count value and the static factor.
The first trigger information is key-press trigger information that contains a challenge value input through the keys, the device stores a dynamic password generation count value, and generating the dynamic password in Step B is specifically: calculating the dynamic password from the stored count value, the stored static factor and the challenge value.
Before or after the dynamic password is calculated, the stored dynamic password generation count value is changed according to a preset rule, and the originally stored count value is replaced with the changed count value.
Obtaining the dynamic password is: obtaining the currently generated dynamic password, or obtaining a dynamic password generated and stored before Step E.
The currently generated dynamic password is:
A dynamic password calculated from the stored time factor and the stored static factor;
Or a dynamic password calculated from the stored time factor, the stored static factor and the challenge value;
Or a dynamic password calculated, upon the confirmation information for execution, from the stored dynamic password generation count value and the stored static factor;
Or a dynamic password calculated, upon the confirmation information for execution, from the stored dynamic password generation count value, the stored static factor and the challenge value.
Obtaining the dynamic password generated and stored before Step E is specifically:
Before Step E, upon a key-press trigger, calculating a dynamic password from the stored dynamic password generation count value and the stored static factor and storing it, and then obtaining the stored dynamic password;
Or, before Step E, upon a key-press trigger, calculating a dynamic password from the stored dynamic password generation count value, the stored static factor and the challenge value and storing it, and then obtaining the stored dynamic password.
The challenge value is a challenge code issued by the host or digits input through the key-press module of the device.
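The four ways of calculating the dynamic password listed above (time factor or generation count value, each with or without a challenge value) can be illustrated as follows. This is an added example, not code from the patent: the patent does not name the algorithm, so HMAC-SHA1 with the RFC 4226 truncation is assumed, the "+1" count rule and the way the challenge is mixed in are assumptions, and the names dynamic_password, time_factor, CountToken and CountVerifier are hypothetical. The host-side check goes beyond the text and shows why the count value must move past each used password.

```python
import hashlib
import hmac
import struct

# Constructed static factor for the example (the RFC 4226 test secret).
STATIC_FACTOR = b"12345678901234567890"


def dynamic_password(static_factor: bytes, dynamic_factor: int,
                     challenge: str = "", digits: int = 6) -> str:
    """Dynamic password from the static factor, the dynamic factor (time
    factor or generation count value) and an optional challenge value."""
    msg = struct.pack(">Q", dynamic_factor)      # 8-byte big-endian factor
    if challenge:
        msg += challenge.encode("ascii")         # assumed way to mix in the challenge
    mac = hmac.new(static_factor, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # RFC 4226 dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def time_factor(unix_time: int, period: int = 30) -> int:
    """Time factor that changes once per clock-source period (e.g. 30 s)."""
    return unix_time // period


class CountToken:
    """Key-press token: keeps the generation count value and the last password."""

    def __init__(self, static_factor: bytes, count: int = 0):
        self.static_factor = static_factor
        self.count = count
        self.stored_password = None

    def press(self, challenge: str = "") -> str:
        password = dynamic_password(self.static_factor, self.count, challenge)
        self.count += 1                 # assumed preset rule: +1 after generation
        self.stored_password = password  # kept so a later signing step can fetch it
        return password


class CountVerifier:
    """Host-side check for count-based passwords with a small look-ahead window."""

    def __init__(self, static_factor: bytes, count: int = 0, window: int = 3):
        self.static_factor = static_factor
        self.count = count
        self.window = window

    def verify(self, password: str, challenge: str = "") -> bool:
        for candidate in range(self.count, self.count + self.window):
            expected = dynamic_password(self.static_factor, candidate, challenge)
            if hmac.compare_digest(expected, password):
                self.count = candidate + 1   # a used password is never accepted again
                return True
        return False


if __name__ == "__main__":
    token = CountToken(STATIC_FACTOR)
    host = CountVerifier(STATIC_FACTOR)
    first = token.press()
    print("count-based:", first, host.verify(first), "replay:", host.verify(first))
    print("time-based :", dynamic_password(STATIC_FACTOR, time_factor(59)))
    print("challenge  :", dynamic_password(STATIC_FACTOR, time_factor(59), "1234"))
```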
Processing the obtained dynamic password and the data to be signed to obtain the signature result is specifically:
Forming a signature original text from the obtained dynamic password and the data to be signed; performing a hash calculation on the signature original text to obtain a hash value and padding it; and encrypting the padded hash value to obtain the signature result.
Processing the obtained dynamic password and the data to be signed to obtain the signature result is specifically:
Performing a hash calculation on the data to be signed to obtain a hash value; padding the hash value and then combining it with the obtained dynamic password; and encrypting the combined result to obtain the signature result.
Processing the obtained dynamic password and the data to be signed to obtain the signature result is specifically:
Performing a hash calculation on the data to be signed to obtain a hash value; padding the hash value and then encrypting it; and forming the signature result from the encrypted data and the obtained dynamic password.
The manner of forming is splicing or cross-combination.
The confirmation prompt information, cancellation prompt information and timeout prompt information are output by display and/or by voice broadcast.
The dynamic password and the key information are output by display.
The display mode is scrolling text or page flipping.
The page-flipping mode is specifically: turning one page at every set time interval, or turning pages under the control of the page-up and page-down keys.
The beneficial effect of the invention is that a single multifunctional intelligent key device has the functions of both types of security product, the dynamic token and the USB Key, which satisfies more uses and improves security.
Description of the drawings
Fig. 1 is a device diagram of the multifunctional intelligent key device provided by embodiment one of the invention;
Fig. 2 is a block diagram of the specific functional modules of the multifunctional intelligent key device provided by embodiment two of the invention;
Fig. 3 is a flow chart of the working method of the multifunctional intelligent key device provided by embodiment three of the invention;
Fig. 4 is a flow chart of the working method of another multifunctional intelligent key device provided by embodiment four of the invention.
Embodiments
To make the object, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments.
Embodiment one
Referring to Fig. 1, embodiment one of the invention provides a multifunctional intelligent key device comprising a judgment module 101, a USB interface module 102, a parsing module 103, a signature module 104, a dynamic password module 105, a second storage module 106, an acquisition module 107, a key-press module 108 and a power module 109. The dynamic password module 105 comprises a dynamic password generation unit 1051, an output unit 1052 and a first storage unit 1053. The functions of these modules and units are as follows:
Judgment module 101: connected to the USB interface module 102; used to judge whether a trigger information message issued by the host has been received, to judge whether the trigger information parsed by the parsing module 103 contains data to be signed, to judge whether operation trigger information is received within a predetermined time, and to judge whether the operation trigger information is confirmation information;
USB interface module 102: connected to the judgment module 101 and the parsing module 103; it is the channel connecting the intelligent key device of this embodiment with the host, serves as the data communication interface for receiving or sending data, and, when the intelligent key device is online, is also used to obtain electric energy from the host to power the intelligent key device;
Parsing module 103: connected to the USB interface module 102, the signature module 104 and the dynamic password module 105; used to parse the trigger information message to obtain the trigger information, and also to obtain the key information in the data to be signed of the trigger information and to send the key information and the data to be signed to the dynamic password module 105;
Signature module 104: connected to the parsing module 103, the second storage module 106, the acquisition module 107 and the key-press module 108; used to process the data to be signed and the dynamic password to obtain the signature original text, and to sign the signature original text;
Dynamic password module 105: connected to the parsing module 103, the acquisition module 107 and the power module 109;
Dynamic password generation unit 1051: connected to the output unit 1052 and the first storage unit 1053; used to obtain the dynamic factor, the static factor and the challenge value, and to calculate the dynamic password from the dynamic factor and the static factor, or from the dynamic factor, the static factor and the challenge value;
The dynamic factor is a time factor or a dynamic password generation count value, and the challenge value is a challenge code issued by the host or digits input through the keys of the device;
Output unit 1052: connected to the dynamic password generation unit 1051; used to output the dynamic password, the key information, the data to be signed, timeout prompt information, confirmation prompt information and cancellation prompt information;
Specifically, the output unit 1052 may be a display screen and/or a voice announcer, and the display screen is a segment-code display screen or a dot-matrix display screen. The timeout prompt information, confirmation prompt information and cancellation prompt information are output by display and/or by voice broadcast; the dynamic password and the key information are output by display; the display mode is scrolling text or page flipping; and the page-flipping mode is specifically: turning one page at every set time interval, or turning pages under the control of the page-up and page-down keys;
First storage unit 1053: connected to the dynamic password generation unit 1051; used to store the dynamic factor and the static factor, and also to store the currently generated dynamic password;
Specifically, the dynamic factor is a time factor or a dynamic password generation count value;
Second storage module 106: connected to the signature module 104; used to store the digital certificate and the key;
Acquisition module 107: connected to the signature module 104 and the dynamic password module 105; used to obtain the dynamic password from the dynamic password generation unit 1051 or the first storage unit 1053 of the dynamic password module 105, and to send the obtained dynamic password to the signature module 104;
Key-press module 108: connected to the signature module 104; used to receive the challenge value and/or operation trigger information;
When offline, the intelligent key device provided by this embodiment can realize the function of an always-displaying dynamic token or of a key-press dynamic token; when the key-press dynamic token function is realized, the key-press module 108 is also connected to the dynamic password generation unit 1051.
Specifically, the operation trigger information comprises confirmation information, cancellation information and generate-dynamic-password information. The key-press module 108 in this embodiment comprises a confirm key and a cancel key, and further comprises a dynamic password generation key, numeric keys, a page-up key and a page-down key. The confirm key is used to trigger generation of confirmation information and/or to trigger the device to generate a dynamic password; the dynamic password generation key is used to trigger the device to generate a dynamic password; the cancel key is used to trigger generation of cancellation information; the page-up and page-down keys are used to control page flipping of the display screen; and the numeric keys are used to input the challenge value;
Power module 109: connected to the dynamic password module 105; used to power it when the intelligent key device provided by this embodiment is offline.
The multifunctional intelligent key device provided by this embodiment may further comprise a current isolation communication module, used when the device is offline to block the current flowing to the modules of the intelligent key device that are not working; these modules comprise the judgment module 101, the USB interface module 102, the parsing module 103, the signature module 104, the second storage module 106 and the acquisition module 107.
Embodiment two
Referring to Fig. 2, embodiment two of the invention provides a multifunctional intelligent key device comprising a USB module 2001, a power protection module 2002, a USB communication protection module 2003, a first crystal oscillator circuit 2004, a first chip reset module 2005, a FLASH module 2006, an LED circuit 2007, a power isolation communication module 2008, a key-press module 2009, a Key main control chip and a dynamic password module. The dynamic password module comprises a liquid crystal module 2015, a second crystal oscillator circuit 2016, a power switching module 2017, a battery module 2018, a second chip reset circuit 2019, a program download interface and communication interface 2020, an online identification module 2021 and a dynamic password main control chip.
The Key main control chip comprises a USB communication module 2010, a first crystal oscillator module 2011, an SPI module 2012, a GPIO module 2013, a 3.3 V output module 2014 and a key module 2015; the dynamic password main control chip comprises an LCD driver module 2022, a second crystal oscillator module 2023 and an IO module 2024.
The USB communication module 2010 in the Key main control chip is connected to the USB communication protection module 2003, which is connected to the USB module 2001; the three connect the intelligent key device of this embodiment to the host, serve as the data communication interface for receiving or sending data, and, when the intelligent key device is online, obtain electric energy from the host to power the intelligent key device. The first crystal oscillator module 2011 is connected to the first crystal oscillator circuit 2004 and provides the clock frequency for the Key main control chip. The SPI module 2012 is connected to the FLASH module 2006, which stores the font library and the ISO file. The GPIO module 2013 is connected to the LED circuit 2007, the power isolation communication module 2008 and the keyboard module 2009. The LED circuit 2007 indicates the operating state of the Key main control chip. The current isolation communication module 2008 is used for communication between the Key main control chip and the dynamic password main control chip when the intelligent key device is online, and for blocking the current flowing to the Key main control chip when the intelligent key device is offline. The keyboard module 2009 is used to receive operation trigger information. The 3.3 V output module 2014 is connected to the FLASH module 2006 and the keyboard module 2009 and provides them with a 3.3 V operating voltage. The key module 2015 is used to store the key and the digital certificate. The Key main control chip is also connected to the first chip reset circuit 2005.
The Key main control chip receives and processes the data issued by the host, generates the signature original text, and performs the signature calculation on the signature original text.
The LCD driver module 2022 of the dynamic password main control chip is connected to the liquid crystal module 2015, which displays the dynamic password, the key information and prompt information. The second crystal oscillator module 2023 is connected to the second crystal oscillator circuit 2016 and provides the clock frequency for the dynamic password main control chip. The IO module 2024 is connected to the current isolation communication module 2008, the program download interface and communication interface 2020 and the online identification module 2021; the online identification module 2021 is used to judge whether the intelligent key device is connected to a host. The dynamic password main control chip is also connected to the power switching module 2017 and the second chip reset module 2019. The power switching module 2017 is connected to the power protection module 2002 and the battery module 2018; when the intelligent key device is online it obtains electric energy from the USB interface to power the device, and when the device is offline the device is powered by the battery module.
The dynamic password main control chip generates the dynamic password from the dynamic password generation elements stored inside the chip and controls the liquid crystal module 2015 to display data.
Embodiment 3
Referring to Fig. 3, the embodiment of the invention 3 provides a kind of method of work of multifunction intelligent key device, and concrete steps are following:
Step 301: receive first trigger message;
Particularly; Said first trigger message is trigger message message or the clock trigger message that main frame issues; The clock source is every at a distance from Preset Time section tranmitting data register trigger message; As whenever sending a clock trigger message at a distance from 30 seconds or 60 seconds, said clock trigger message is used for the triggered time factor to be changed according to preset rules;
Step 302: judging whether first trigger message is the trigger message message that main frame issues, is execution in step 305 then, otherwise execution in step 303;
Step 303: generate dynamic password according to time factor and static factor calculation;
Step 304: the dynamic password of storing and export current generation;
Step 305: resolve the trigger message message, draw trigger message;
Step 306: judging whether contain data to be signed in the trigger message, is execution in step 308 then, otherwise execution in step 307;
Particularly, said data to be signed comprise: the number of the account and/or the amount of money and/or time and/or place;
Step 307:, or data designated in the trigger message is carried out the signature operation result that also will sign return to main frame according to the reading command reading of data in the trigger message and the said data that read are returned to main frame; Or the corresponding operation of other command execution that issues according to main frame;
Particularly, the process of above-mentioned signature operation is encrypted with key cryptographic hash for need the cryptographic hash of signed data with hash algorithm calculating, and encrypted result is the signature result;
Step 308: obtain the key message in the data to be signed;
Particularly, said key message can comprise all or part of of information such as number of the account, the amount of money, time, place;
Step 309: output key message and operation prompt information, wait for receiving the operation trigger message;
Particularly, operation prompt information is used to point out the user to carry out next step operation;
Step 310: judging whether it receives the operation trigger message in the given time, is execution in step 312 then, otherwise execution in step 311;
Step 311: export overtime information, and return overtime information and give main frame;
Step 312: the device judges whether the received operation trigger information is confirmation information; if so, step 314 is executed next, otherwise step 313 is executed;
Step 313: output cancellation information, and return the cancellation information to the host;
Step 314: output confirmation information;
Step 315: the device obtains the dynamic password and processes it together with the data to be signed to obtain the signature original text;
Specifically, the dynamic password is the dynamic password stored inside the intelligent key device at the current time, and the signature original text may be the combination of the data to be signed and the dynamic password, or the data to be signed alone. The combination is by concatenation or cross-combination: either one of the two is added as a whole at any position of the other, or one of the two is split and the resulting parts are added at any positions of the other. For example, the data to be signed is one fen ∧ people of so-and-so ∧ toAcctId=0987654321098765 ∧ toAccName=Zhang ∧ trnAmt=0.01 ∧ fromAcctAmtBig=of 0000037000000362$RealTimeTransferAct$handingCharge=1.00 ∧ fromAcctId=1234567890123456789 ∧ Lee fromAccName=transfers accounts, and the dynamic password is 111111. The combination of the two may be (password in front of the data) one fen ∧ people of so-and-so ∧ toAcctId=0987654321098765 ∧ toAccName=Zhang ∧ trnAmt=0.01 ∧ fromAcctAmtBig=of 1111110000037000000362$RealTimeTransferAct$handingCharge=1.00 ∧ fromAcctId=1234567890123456789 ∧ Lee fromAccName=transfers accounts; or (password after the data) one fen ∧ people of so-and-so ∧ toAcctId=0987654321098765 ∧ toAccName=Zhang ∧ trnAmt=0.01 ∧ fromAcctAmtBig=of 0000037000000362$RealTimeTransferAct$handingCharge=1.00 ∧ fromAcctId=1234567890123456789 ∧ Lee fromAccName=transfers accounts 111111; or (password split, 111 in front and 111 at the end) one fen ∧ people of so-and-so ∧ toAcctId=0987654321098765 ∧ toAccName=Zhang ∧ trnAmt=0.01 ∧ fromAcctAmtBig=of 1110000037000000362$RealTimeTransferAct$handingCharge=1.00 ∧ fromAcctId=1234567890123456789 ∧ Lee fromAccName=transfers accounts 111.
Step 316: the device performs a signature operation on the signature original text and returns the signature result to the host.
Specifically, when the signature original text is the combination of the data to be signed and the dynamic password, the signing process is: compute the hash value of the signature original text with a hash algorithm, pad it according to a preset rule, and encrypt the padded data with the key; the encrypted result is the signature result. When the signature original text is the data to be signed alone, there are two signing processes. In the first, the hash value of the signature original text is computed with a hash algorithm and padded according to the preset rule, the padded data is combined with the dynamic password and then encrypted, and the encrypted result is the signature result. In the second, the data to be signed is hashed, the hash value is padded according to the preset rule, the padded data is encrypted with the key, and the combination of the encrypted result and the dynamic password is the signature result. The dynamic password is the dynamic password stored inside the device at the current time, and the combination is by concatenation or cross-combination.
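The following added example (not part of the patent text) models steps 315 and 316 from both sides: the device's signing and a verifier's check, for the case where the dynamic password is hashed into the signature original text and the case where it is appended to the signature. SHA-256, the padding rule, the toy RSA key standing in for the device key, the verifier functions and the shortened sample data are all assumptions; the page specifies none of them.

```python
import hashlib
import hmac

# Constructed toy RSA key built from two Mersenne primes: illustration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8           # modulus length in bytes
OTP_LEN = 6

# Constructed sample input, shortened from the fields in the page's example.
DATA = ("0000037000000362$RealTimeTransferAct$handingCharge=1.00"
        "∧fromAcctId=1234567890123456789∧toAcctId=0987654321098765"
        "∧trnAmt=0.01").encode("utf-8")
OTP = b"111111"


def combine(data: bytes, otp: bytes, mode: str) -> bytes:
    """Build the signature original text; the modes mirror the page's three examples."""
    if mode == "prefix":                 # password in front of the data
        return otp + data
    if mode == "suffix":                 # password after the data
        return data + otp
    if mode == "split":                  # password split, halves placed at both ends
        half = len(otp) // 2
        return otp[:half] + data + otp[half:]
    raise ValueError(f"unknown combination mode: {mode}")


def padded_hash(message: bytes) -> int:
    """Hash, then pad as 00 01 FF..FF 00 || SHA-256(message) (assumed 'preset rule')."""
    digest = hashlib.sha256(message).digest()
    block = b"\x00\x01" + b"\xff" * (K - len(digest) - 3) + b"\x00" + digest
    return int.from_bytes(block, "big")


def rsa_sign(message: bytes) -> bytes:
    """'Encrypt the padded data with the key': private-key operation on the padded hash."""
    return pow(padded_hash(message), D, N).to_bytes(K, "big")


def rsa_verify(message: bytes, signature: bytes) -> bool:
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    return s < N and pow(s, E, N) == padded_hash(message)


def sign_bound(data: bytes, otp: bytes, mode: str = "prefix") -> bytes:
    """First case of step 316: the password is inside the hashed original text."""
    return rsa_sign(combine(data, otp, mode))


def sign_appended(data: bytes, otp: bytes) -> bytes:
    """Last case of step 316: sign the data alone, then append the password."""
    return rsa_sign(data) + otp


def verify_bound(data: bytes, signature: bytes, expected_otp: bytes,
                 mode: str = "prefix") -> bool:
    """The verifier rebuilds the original text from the password it expects."""
    return rsa_verify(combine(data, expected_otp, mode), signature)


def verify_appended(data: bytes, result: bytes, expected_otp: bytes) -> bool:
    """The signature does not cover the password, so it is compared separately."""
    signature, otp = result[:-OTP_LEN], result[-OTP_LEN:]
    return rsa_verify(data, signature) and hmac.compare_digest(otp, expected_otp)
```

In the bound form a wrong password or a changed amount makes the signature itself fail; in the appended form the signature still verifies after the trailing password is replaced, so the verifier has to check the password as a separate step.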
Embodiment four
With reference to Fig. 4, embodiment four of the present invention provides another working method of the multifunctional intelligent key device; the specific steps are as follows:
Step 401: receive first trigger information;
Specifically, the first trigger information is a trigger information message issued by the host, or key-press trigger information;
Step 402: judge whether the first trigger information is a trigger information message issued by the host; if so, execute step 405, otherwise execute step 403;
Step 403: calculate and generate a first dynamic password according to the dynamic factor and the static factor;
Specifically, the first dynamic password is obtained by the device performing a calculation on the dynamic factor and the static factor, and the dynamic factor is a time factor or a dynamic-password generation count value;
Or, step 403 is: calculate and generate the first dynamic password according to the dynamic factor, the static factor and the challenge value in the key-press trigger information;
Step 404: output the first dynamic password;
Step 405: parse the trigger information message to obtain the trigger information;
Step 406: judge whether the trigger information contains data to be signed; if so, execute step 408, otherwise execute step 407;
Step 407: read data according to the instruction issued by the host and return the read data to the host, or perform a signature operation on the data issued by the host and return the signature result to the host, or perform the corresponding operation according to other instructions issued by the host;
Specifically, the above signature operation is: compute the hash value of the data to be signed with a hash algorithm and encrypt the hash value with the key; the encrypted result is the signature result;
Step 408: obtain the key information in the data to be signed;
Step 409: output the key information and operation prompt information, and wait to receive operation trigger information;
Specifically, the operation trigger information is used to trigger confirmation of the operation or to trigger cancellation of the operation;
Step 410: judge whether operation trigger information is received within the predetermined time; if so, execute step 412, otherwise execute step 411;
Step 411: output timeout information, and return the timeout information to the host;
Step 412: judge whether the received operation trigger information is confirmation information; if so, execute step 414, otherwise execute step 413;
Step 413: output cancellation information, and return the cancellation information to the host;
Step 414: output confirmation information;
Step 415: the device obtains a second dynamic password and processes it together with the data to be signed to generate the signature original text;
Specifically, the obtained second dynamic password is generated and stored after the device obtains the data to be signed, or is generated after the device receives the confirmation information. The second dynamic password is obtained by the intelligent key device performing a calculation on the dynamic factor and the static factor, or on the dynamic factor, the static factor and a challenge value; the dynamic factor is a time factor or a dynamic-password generation count value, and the challenge value is a challenge code issued by the host or a number entered through the keyboard. For the process of generating the signature original text, refer to step 315;
Step 416: the device signs the signature original text and returns the signature result to the host.
Specifically, for the signing process in this step, refer to the signing process in step 316;
In this embodiment, if the dynamic factor is the dynamic-password generation count value, then each time after the intelligent key device generates a dynamic password according to the generation count value, it updates the count value according to a preset rule and replaces the original count value with the updated one; or, each time before the device generates a dynamic password, it updates the count value according to the preset rule, replaces the original count value with the updated one, and generates the dynamic password according to the updated count value. The preset rule in this embodiment is adding 1 or subtracting 1.
The time factor in this embodiment changes according to a preset rule after clock trigger information is received.
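The following added example (not part of the patent text) sketches the dynamic password generation of step 403 and the count-value update described above, together with a verifier that stays in step when the key is pressed without the password being used. The patent names no algorithm: HMAC-SHA1 with RFC 4226 truncation, the way the challenge value is mixed in, the look-ahead window and all class and function names are assumptions, and SEED is the RFC 4226 test secret.

```python
import hashlib
import hmac
import struct

SEED = b"12345678901234567890"   # static factor: RFC 4226 test secret, sample value


def dynamic_password(static_factor: bytes, dynamic_factor: int,
                     challenge: bytes = b"", digits: int = 6) -> str:
    """Compute a password from static factor, dynamic factor and optional challenge."""
    # The dynamic factor is an 8-byte big-endian value; the mask lets a
    # "subtract 1" rule run below zero without raising an error.
    msg = struct.pack(">Q", dynamic_factor & 0xFFFFFFFFFFFFFFFF) + challenge
    mac = hmac.new(static_factor, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # RFC 4226 truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10**digits).zfill(digits)


def time_factor(unix_time: int, period: int = 60) -> int:
    """Time-based dynamic factor, assuming one clock trigger every `period` seconds."""
    return unix_time // period


class CounterToken:
    """Device side: the generation count value is updated before or after each use."""

    def __init__(self, static_factor: bytes, count: int = 0, step: int = 1,
                 update_before: bool = False):
        self.static_factor = static_factor
        self.count = count
        self.step = step                  # preset rule: +1 or -1
        self.update_before = update_before

    def press(self, challenge: bytes = b"") -> str:
        if self.update_before:
            self.count += self.step       # update first, then generate
        otp = dynamic_password(self.static_factor, self.count, challenge)
        if not self.update_before:
            self.count += self.step       # generate first, then update
        return otp


class Verifier:
    """Verifier side: accepts a password within a small look-ahead window, never twice."""

    def __init__(self, static_factor: bytes, next_count: int = 0, step: int = 1,
                 window: int = 3):
        self.static_factor = static_factor
        self.next_count = next_count
        self.step = step
        self.window = window

    def check(self, otp: str, challenge: bytes = b"") -> bool:
        for i in range(self.window + 1):
            candidate = self.next_count + i * self.step
            expected = dynamic_password(self.static_factor, candidate, challenge)
            if hmac.compare_digest(expected, otp):
                self.next_count = candidate + self.step   # used counts are skipped
                return True
        return False
```

A device configured to update before generating must be paired with a verifier whose starting count is one step ahead, otherwise every password arrives offset by one and consumes part of the window.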
The embodiments described above are merely preferred embodiments of the present invention; ordinary variations and substitutions made by those skilled in the art within the scope of the technical solution of the present invention shall all fall within the protection scope of the present invention.

Claims (33)

1. A multifunctional intelligent key device, comprising:
a USB interface module, connected to the host as a data communication interface, for receiving or sending data;
a judgment module, for judging whether a trigger information message issued by the host is received, for judging whether the trigger information contains data to be signed, and also for judging whether operation trigger information is received within a predetermined time and whether the operation trigger information is confirmation information for execution;
a parsing module, for parsing the trigger information message issued by the host to obtain trigger information, for obtaining key information from the data to be signed, and also for sending the key information and the data to be signed to the dynamic password module;
a second storage module, for storing a key;
a dynamic password module, comprising a dynamic password generation unit, a first storage unit and an output unit, wherein
the dynamic password generation unit is for generating a dynamic password;
the first storage unit is for storing the static factor, the dynamic factor and the generated dynamic password;
the output unit is for outputting the generated dynamic password, and the key information and the data to be signed sent by the parsing module;
a key-press module, for inputting operation trigger information, connected to the judgment module or the dynamic password module;
an acquisition module, for obtaining the dynamic password from the dynamic password generation unit or from the first storage unit;
a signature module, for adding the obtained dynamic password to the data to be signed to form a signature original text, performing a hash algorithm on the signature original text to obtain a hash value and padding it, and performing AES on the padded hash value using the key to obtain a signature result;
a power module, for supplying power to the dynamic password module when offline.
2. The multifunctional intelligent key device according to claim 1, characterized in that the USB interface module is also for obtaining electric energy from the host to power the device when online.
3. The multifunctional intelligent key device according to claim 1, characterized in that the dynamic factor is a time factor or a dynamic-password generation count value.
4. The multifunctional intelligent key device according to claim 1 or 3, characterized in that the dynamic password generation unit is for calculating and generating the dynamic password according to the dynamic factor and the static factor.
5. The multifunctional intelligent key device according to claim 1 or 3, characterized in that the key-press module is also for inputting a challenge value.
6. The multifunctional intelligent key device according to claim 5, characterized in that the dynamic password generation unit is for calculating and generating the dynamic password according to the dynamic factor, the static factor and the challenge value.
7. The multifunctional intelligent key device according to claim 1, characterized in that the key-press module comprises a cancel key and a confirm key.
8. The multifunctional intelligent key device according to claim 1 or 7, characterized in that the key-press module also comprises a page-up key and a page-down key.
9. The multifunctional intelligent key device according to claim 1, characterized in that the signature module is also for performing a hash algorithm on the data to be signed to obtain a hash value, padding the hash value and combining it with the obtained dynamic password, and performing AES on the combined result to obtain the signature result.
10. The multifunctional intelligent key device according to claim 1, characterized in that the signature module is also for performing a hash algorithm on the data to be signed to obtain a hash value, then padding the hash value and performing AES on it using the key, and forming the signature result from the encrypted data and the obtained dynamic password.
11. The multifunctional intelligent key device according to claim 1, characterized by also comprising a current-isolation communication module, for blocking, when offline, the current flowing to the USB interface module, parsing module, judgment module, acquisition module, second storage module and signature module.
12. The multifunctional intelligent key device according to claim 1, characterized in that the output unit is a display screen and/or a voice announcer.
13. The multifunctional intelligent key device according to claim 12, characterized in that the display screen is a segment display screen or a dot-matrix display screen.
14. The multifunctional intelligent key device according to claim 12, characterized in that the display screen is also for displaying the data to be signed, the data to be signed comprising: account number and/or amount and/or time and/or place.
15. The multifunctional intelligent key device according to claim 1, characterized in that the output unit is also for outputting confirmation information and/or cancellation information and/or timeout information.
16. the method for work of a multifunction intelligent key device is characterized in that, comprising:
Steps A: receive first trigger message;
Step B: judging whether said first trigger message is the trigger message message that main frame issues, is execution in step C then, otherwise generates dynamic password and show;
Step C: said trigger message message resolved obtain trigger message, judge whether data to be signed are arranged in the said trigger message; Be execution in step D then, otherwise carry out corresponding operating according to the trigger message that said parsing obtains;
Step D: obtain the key message in the said data to be signed and show;
Step e: judge in Preset Time, whether to receive the operation trigger message; Be to judge then whether said operation trigger message is the affirmation information of carrying out; Be that confirmation is then obtained dynamic password, said dynamic password that obtains and said data to be signed are formed the signature original text; Said signature original text is carried out hash algorithm obtain cryptographic hash and fill, the cryptographic hash after using key to said filling is carried out AES and is obtained the result that signs, and is not that confirmation is then exported the cancellation information;
Otherwise export overtime information.
17. the method for work of multifunction intelligent key device as claimed in claim 16; It is characterized in that; Said first trigger message is the information that send in the clock source of setting in the said device, generates dynamic password among the said step B and is specially: the time factor of storage and the static factor of storage are calculated dynamic password.
18. the method for work of multifunction intelligent key device as claimed in claim 16; It is characterized in that; Said first trigger message is the button trigger message; Comprise challenging value in the said button trigger message, generate dynamic password among the said step B and be specially: the time factor of storage, the static factor and the said challenging value of storage are calculated dynamic password.
19. the method for work like claim 17 or 18 described multifunction intelligent key devices is characterized in that, said time factor changes according to preset rules when receiving clock source trigger message.
20. the method for work of multifunction intelligent key device as claimed in claim 16; It is characterized in that; Said first trigger message is the button trigger message; Store the inferior numerical value that generates dynamic password in the said device, generate dynamic password among the said step B and be specially: the inferior numerical value and the static factor of said storage are calculated dynamic password.
21. the method for work of multifunction intelligent key device as claimed in claim 16; It is characterized in that; Said first trigger message is the button trigger message; Said button trigger message comprises the challenging value through the button input, stores the inferior numerical value that generates dynamic password in the said device, generates dynamic password among the said step B and is specially: the inferior numerical value of said storage, the static factor and the challenging value of storage are calculated dynamic password.
22. method of work like claim 20 or 21 described multifunction intelligent key devices; It is characterized in that; Before or after calculating dynamic password; The dynamic password generation time numerical value of said storage is changed according to preset rules, the former dynamic password of storing is generated the inferior numerical value after time numerical value replaces with variation.
23. the method for work of multifunction intelligent key device as claimed in claim 16 is characterized in that, the said dynamic password that obtains is: obtain the dynamic password of current generation or the dynamic password that obtaining step E generates and stores before.
24. the method for work of multifunction intelligent key device as claimed in claim 23 is characterized in that, the dynamic password of said current generation is:
Calculate the dynamic password of generation according to the time factor of storage and the static factor of storage;
Or according to time factor, the static factor of storage and the dynamic password that challenging value calculates generation stored;
Or the static factor that the dynamic password of storage generates time numerical value and storage is calculated the dynamic password of generation according to the affirmation information of said execution;
Or the dynamic password of storage is generated time numerical value, the static factor of storage and the dynamic password that challenging value calculates generation according to the affirmation information of said execution.
25. the method for work of multifunction intelligent key device as claimed in claim 23 is characterized in that, the dynamic password that generates and stores before the said obtaining step E is specially:
Trigger the static factor that dynamic password with storage generates time numerical value and storage according to button before the step e and calculate the generation dynamic password and store, obtain the dynamic password of said storage;
Or before step e, trigger the static factor and challenging value that dynamic password with storage generates time numerical value, storage according to button and calculate and generate dynamic password and store, obtain the dynamic password of said storage.
26. the method for work like claim 24 or 25 described multifunction intelligent key devices is characterized in that, said challenging value is the number of the challenge code that issues of main frame or the key-press module input through said device.
27. the method for work of multifunction intelligent key device as claimed in claim 16 is characterized in that, and is said with said dynamic password that obtains and said data to be signed composition signature original text; Said signature original text is carried out hash algorithm obtain cryptographic hash and fill, the cryptographic hash after using key to said filling is carried out AES and is obtained signing that the result is replaceable is:
Said data to be signed are carried out hash algorithm obtain cryptographic hash, said cryptographic hash is filled the back make up with the said dynamic password that obtains; Combined result is carried out AES obtain the result that signs.
28. the method for work of multifunction intelligent key device as claimed in claim 16 is characterized in that, and is said with said dynamic password that obtains and said data to be signed composition signature original text; Said signature original text is carried out hash algorithm obtain cryptographic hash and fill, the cryptographic hash after using key to said filling is carried out AES and is obtained signing that the result is replaceable is:
Said data to be signed are carried out hash algorithm obtain cryptographic hash, again cryptographic hash is filled the back and use key to carry out AES, said data encrypted and the said dynamic password that obtains are formed the signature result.
29. the method for work like claim 27 or 28 described multifunction intelligent key devices is characterized in that, said composition mode is splicing or combined crosswise.
30. the method for work of multifunction intelligent key device as claimed in claim 16 is characterized in that, said affirmation information, cancellation information and overtime information are with display mode output and/or voice broadcasting modes output.
31. the method for work of multifunction intelligent key device as claimed in claim 16 is characterized in that, said dynamic password and key message are through display mode output.
32. the method for work like claim 30 or 31 described multifunction intelligent key devices is characterized in that, said display mode is captions rolling or turns over screen.
33. the method for work of multifunction intelligent key device as claimed in claim 32 is characterized in that, the said screen mode of turning over is specially: every turn over one page at a distance from setting-up time, or through on turn over button with under turn over by key control and turn over screen.
CN2011101826528A 2011-06-30 2011-06-30 Multifunctional intelligent key device and working method thereof Active CN102222390B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011101826528A CN102222390B (en) 2011-06-30 2011-06-30 Multifunctional intelligent key device and working method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011101826528A CN102222390B (en) 2011-06-30 2011-06-30 Multifunctional intelligent key device and working method thereof

Publications (2)

Publication Number Publication Date
CN102222390A CN102222390A (en) 2011-10-19
CN102222390B true CN102222390B (en) 2012-10-31

Family

ID=44778932

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011101826528A Active CN102222390B (en) 2011-06-30 2011-06-30 Multifunctional intelligent key device and working method thereof

Country Status (1)

Country Link
CN (1) CN102222390B (en)

Also Published As

Publication number Publication date
CN102222390A (en) 2011-10-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant