CN102468958A - Hardware lock device authentication method and related hardware lock device - Google Patents


Info

Publication number
CN102468958A
Authority
CN
China
Prior art keywords
password
factor
main frame
hardware lock
lock device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2010105352390A
Other languages
Chinese (zh)
Inventor
孟海伦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Authenex Inc
Original Assignee
Authenex Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Authenex Inc filed Critical Authenex Inc
Priority to CN2010105352390A priority Critical patent/CN102468958A/en
Publication of CN102468958A publication Critical patent/CN102468958A/en
Pending legal-status Critical Current

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an authentication method used for a hardware lock device and the hardware lock device. The authentication method comprises the following steps: receiving a first code trigger factor from a host; according to the first code trigger factor, generating a first one-time code; sending the first one-time code and a second code trigger factor to the host simultaneously; receiving a second one-time code corresponding to the second code trigger factor from the host; according to the second one-time code, determining an authentication result of a hardware lock; sending the authentication result to the host. According to the method and the device of the invention, authentication correlation information can be prevented from being stolen.

Description

Hardware lock device authentication method and related hardware lock device
Technical field
The present invention relates to an information security method and related apparatus, and in particular to an authentication method for a hardware lock device and the related hardware lock device.
Background technology
In computer networks, data transmission, identity authentication, and software use commonly rely on an account, a password, or a hardware lock (KeyPro) to verify whether the user is a legitimately authorized user. Typically, a user applies to a hardware lock company for a hardware lock device, such as a token hardware device, and then activates and configures protection for a particular account through a specific web page. Whenever the user wants to access the protected account, software, or a particular host (for example, logging in to an account in a particular network domain or to a particular online store), the user first enters the account name and password and is then asked to insert the hardware lock device. The account name, password, and hardware lock are verified, and only if they are correct can the software, account, or data be used.
In the user authentication scheme described above, the final decision on whether authentication passes is generally made by the host. Such a security model still carries risk. For example, an attacker can use eavesdropping software to monitor the host side and recover information such as the user's input.
Summary of the invention
Therefore, in view of the problem in the prior art, the object of the present invention is to provide an authentication method for a hardware lock device that prevents authentication-related information from being stolen.
The present invention discloses an authentication method for a hardware lock device, comprising: receiving a first password trigger factor from a host; generating a first one-time password according to the first password trigger factor; simultaneously transmitting the first one-time password and a second password trigger factor to the host; receiving from the host a second one-time password corresponding to the second password trigger factor; determining an authentication result for the hardware lock according to the second one-time password; and transmitting the authentication result to the host.
The present invention further discloses a hardware lock device comprising a password generation unit, a judging unit, a receiving unit, and a transmitting unit. The password generation unit generates a first one-time password according to a first password trigger factor. The judging unit determines an authentication result for the hardware lock according to a second one-time password corresponding to a second password trigger factor. The receiving unit receives the first password trigger factor and the second one-time password from a host. The transmitting unit simultaneously transmits the first one-time password and the second password trigger factor to the host, and transmits the authentication result to the host.
The beneficial effect of the present invention is that the authenticating end (such as the host) and the authenticated end (such as the token) carry out a double one-time password authentication flow, and the final authentication result is confirmed by the authenticated end, so as to prevent the one-time passwords in the authentication process from being stolen.
Description of drawings
Fig. 1 is a schematic diagram of an authentication flow according to an embodiment of the invention.
Fig. 2 is a schematic diagram of a token according to an embodiment of the invention.
The reference numerals are as follows:
10: authentication flow
100, 110, 120, 130, 140, 150, 160, 170: steps
12: host
14: token
A1, A2: password trigger factors
OTP1, OTP2: one-time passwords
AU_RES: authentication result
Embodiment
Please refer to Fig. 1, which is a schematic diagram of an authentication flow 10 according to an embodiment of the invention. Authentication flow 10 implements authentication between a host 12 and a token 14 equipped with a hardware lock (Keypro), and comprises the following steps:
Step 100: Host 12 and token 14 complete the user password login flow.
Step 110: Host 12 transmits a password trigger factor A1 to token 14.
Step 120: Token 14 generates a one-time password OTP1 according to password trigger factor A1.
Step 130: Token 14 simultaneously transmits one-time password OTP1 and a password trigger factor A2 to host 12.
Step 140: Host 12 generates a one-time password OTP2 according to password trigger factor A2.
Step 150: Host 12 transmits one-time password OTP2 to token 14.
Step 160: Token 14 determines the authentication result for token 14 according to one-time password OTP2.
Step 170: Token 14 transmits the authentication result to host 12.
In authentication flow 10, token 14 can automatically enter the user's account name and password into host 12 to complete the user password login flow. Host 12 and token 14 then carry out a two-way one-time password authentication flow. First, host 12 transmits password trigger factor A1 to token 14, and token 14 generates the corresponding one-time password OTP1 from it. When returning OTP1, token 14 simultaneously transmits password trigger factor A2 to host 12 to start the next password authentication flow. The relationship between password trigger factor A2 and the first password authentication flow may be agreed upon (preset) in advance by host 12 and token 14. Host 12 generates the corresponding one-time password OTP2 according to password trigger factor A2 and returns it to token 14 for confirmation. If OTP2 matches the password that token 14 expects, token 14 determines that authentication has succeeded; otherwise it determines that authentication has failed. Finally, token 14 passes the authentication result to host 12 to report success or failure. If authentication succeeds, the user can log in to the target to be accessed, such as a network domain or a web page. As described above, in authentication flow 10 host 12 and token 14 carry out two one-time password authentication flows in challenge/response fashion, and the final determination of success or failure is made by token 14. Therefore, even if an attacker successfully intrudes into host 12 and eavesdrops on passwords, the attacker cannot know the exact authentication flow between host 12 and token 14, which greatly reduces the probability of a successful crack.
In authentication flow 10, password trigger factor A1 or A2 can be a randomly generated counter or time factor, used to implement a counter-based or time-based one-time password authentication flow. In other words, host 12 and token 14 each feed password trigger factor A1 or A2 into the same encryption algorithm to derive a password, then compare whether the two passwords are identical, and proceed to the next step (such as determining the authentication result or another round of password authentication) when they are. For example, host 12 uses an algorithm and password trigger factor A2 to generate one-time password OTP2. On receiving OTP2, token 14 uses the same algorithm and password trigger factor A2 to generate a one-time password of its own. If the generated one-time password matches OTP2, token 14 determines that authentication has succeeded; otherwise it determines that authentication has failed. Likewise, host 12 determines in the same way whether the OTP1 generated by token 14 is correct. In addition, OTP1 and OTP2 can be generated according to a Hash-based Message Authentication Code One-Time Password (HOTP) algorithm.
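The two-round exchange of authentication flow 10 (steps 110 to 170), as an added example that is not part of the patent text. It assumes a secret key pre-shared between host and token, RFC 4226 HOTP (HMAC-SHA-1, 6 digits) as the common algorithm, and 64-bit random trigger factors; the class and method names are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct


def hotp(key: bytes, factor: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte factor, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", factor), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Token:
    """Authenticated end (token 14): answers A1, issues A2, makes the final decision."""

    def __init__(self, key: bytes):
        self._key = key      # assumption: key provisioned on both sides beforehand
        self._a2 = None      # outstanding challenge, valid for one reply only

    def respond(self, a1: int):
        """Steps 120-130: return OTP1 together with a fresh random A2."""
        self._a2 = secrets.randbits(64)
        return hotp(self._key, a1), self._a2

    def decide(self, otp2: str) -> bool:
        """Steps 160-170: recompute OTP2 from A2 and return AU_RES."""
        if self._a2 is None:
            return False     # no challenge outstanding, e.g. a replayed OTP2
        expected, self._a2 = hotp(self._key, self._a2), None
        return hmac.compare_digest(expected, otp2)


class Host:
    """Authenticating end (host 12)."""

    def __init__(self, key: bytes):
        self._key = key

    def authenticate(self, token: Token) -> bool:
        a1 = secrets.randbits(64)                    # step 110
        otp1, a2 = token.respond(a1)                 # steps 120-130
        if not hmac.compare_digest(otp1, hotp(self._key, a1)):
            return False                             # host-side check of OTP1
        otp2 = hotp(self._key, a2)                   # step 140
        return token.decide(otp2)                    # steps 150-170


if __name__ == "__main__":
    key = secrets.token_bytes(20)                    # constructed sample key
    print("matching keys:", Host(key).authenticate(Token(key)))
    print("wrong host key:", Host(b"x" * 20).authenticate(Token(key)))
```

Because A2 is cleared after one comparison, a captured OTP2 cannot be replayed against the token, and the success decision never depends on a value computed only on the host.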
Please refer to Fig. 2, which is a schematic diagram of a token 20 according to an embodiment of the invention. Token 20 implements token 14 in authentication flow 10, and comprises a connection interface 200, a receiving unit 210, a transmitting unit 220, a password generation unit 230, and a judging unit 240. Receiving unit 210 and transmitting unit 220 exchange signals with a host (such as host 12 of Fig. 1) through connection interface 200. Connection interface 200 can be an interface such as Universal Serial Bus (USB), a Line Print Terminal (LPT) port, or RS-232, so that token 20 and the host can use the same communication protocol or data encryption scheme to exchange data. When receiving unit 210 receives password trigger factor A1 through connection interface 200, password generation unit 230 uses the same encryption algorithm as the host to generate one-time password OTP1 according to password trigger factor A1. The algorithm can be the Advanced Encryption Standard (AES) algorithm or another encryption algorithm. In addition, token 20 can contain multiple preset password trigger factors: for example, before token 20 leaves the factory, the manufacturer stores multiple password trigger factors in a non-volatile memory (not shown in the figure) of token 20, and each time a password trigger factor is needed, token 20 selects one of them at random. Alternatively, each time a password trigger factor is needed, token 20 generates one at random. The resulting password trigger factor A2 is then sent to the host by transmitting unit 220 together with the generated one-time password OTP1. Judging unit 240 determines the authentication result AU_RES for token 20 (or the user) according to the one-time password OTP2 returned by the host, and transmitting unit 220 then sends the result to the host. Because token 20 can be used to implement token 14 in authentication flow 10, the detailed authentication flow is as described for Fig. 1 and is not repeated here.
Therefore, in the present invention the authenticating end (such as the host) and the authenticated end (such as the token) carry out a double one-time password authentication flow, and the final authentication result is confirmed by the authenticated end, so as to prevent the one-time passwords in the authentication process from being stolen.
The above are merely preferred embodiments of the present invention, and all equivalent variations and modifications made according to the claims of the present invention shall fall within the scope of the present invention.

Claims (7)

1. An authentication method for a hardware lock device, comprising the steps of:
receiving a first password trigger factor from a host;
generating a first one-time password according to the first password trigger factor;
simultaneously transmitting the first one-time password and a second password trigger factor of the hardware lock device to the host;
receiving from the host a second one-time password corresponding to the second password trigger factor;
determining an authentication result for the hardware lock according to the second one-time password; and
transmitting the authentication result to the host.
2. The authentication method of claim 1, characterized in that the authentication method further comprises, before the hardware lock device receives the first password trigger factor from the host, a step of completing a user account and password login procedure with the host.
3. The authentication method of claim 1, characterized in that the first password trigger factor is a randomly generated counter or a randomly generated time factor.
4. The authentication method of claim 1, characterized in that the second password trigger factor is a randomly generated counter or a randomly generated time factor.
5. A hardware lock device, comprising:
a password generation unit for generating a first one-time password according to a first password trigger factor;
a judging unit for determining an authentication result for the hardware lock according to a second one-time password corresponding to a second password trigger factor of the hardware lock device;
a receiving unit for receiving the first password trigger factor and the second one-time password from a host; and
a transmitting unit for simultaneously transmitting the first one-time password and the second password trigger factor to the host, and for transmitting the authentication result to the host.
6. The hardware lock device of claim 5, characterized in that the first password trigger factor is a randomly generated counter or a randomly generated time factor.
7. The hardware lock device of claim 5, characterized in that the second password trigger factor is a randomly generated counter or a randomly generated time factor.
CN2010105352390A 2010-11-03 2010-11-03 Hardware lock device authentication method and related hardware lock device Pending CN102468958A (en)



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120523