CN103178960A - Protective function operation control process system - Google Patents
- Publication number: CN103178960A
- Authority: CN (China)
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)

Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
Abstract
The invention relates to a protective function operation control process system. The invention discloses a system (1) including a first electronic device (2) and a second electronic device (3). The first electronic device (2) includes a secure element (26) and a first transmission interface (25); the secure element is responsible for verifying whether the entered authentication information (PIN) is consistent with the stored identification code. The second electronic device includes a second transmission interface (33), and the first and second electronic devices exchange data via the transmission interfaces (25) and (33). The system operates as follows: the user interface (32) of the second electronic device (3) receives the personal authentication information (PIN) entered by the user and transmits it via the transmission interfaces (25) and (33) to the secure element (26) of the first electronic device (2).
Description
Technical field
The present invention relates to a system for controlling the execution of a function protected by authentication. Such a function usually runs depending on the result of verifying user information. It is used in particular to access various resources, such as a system, a network, an application, a remote server, or a card and the information stored on it; it is run by sending an instruction through the element dedicated to receiving the resource access information.
Background technology
Access to a resource requires the user to authenticate to an information system. User authentication comprises two steps: an input step, in which the user enters personal authentication information; and a verification step, in which the system compares the information entered by the user with previously recorded personal information and decides whether to authorize or refuse access to the resource. If access is granted, the authentication-protected function completes and the user obtains the right to access the resource.
The personal authentication information can be a password, a personal identification number (PIN) or biometric information.
In one example of controlling a protected function, the user has a terminal into which a secure element can be inserted, such as a SIM card in a mobile phone. The user enters the personal authentication information through the terminal's user interface. The terminal forwards the entered information to the secure element, which compares the received information with the information recorded in its memory. If the two are consistent, the secure element completes the authentication of the protected function and allows the user to use the resource.
However, such a system can be attacked by an unauthorized person through identity theft. Identity theft here means that an unauthorized person installs illegitimate software on the terminal to maliciously steal personal authentication information, in particular the user's sensitive information. When the user enters the personal authentication information, the malware can capture and record it. By submitting the stolen information to the secure element, the malware can pass the authentication and obtain resources without the user's knowledge. Neither the terminal nor the secure element can detect the presence of this malware.
Therefore, to counter this attack risk, the mechanism for controlling authentication-protected functions needs to be improved where resource access is concerned.
Summary of the invention
The protected-function system comprises two electronic devices: a first electronic device and a second electronic device. The first electronic device comprises a secure element and a transmission interface; when the authentication information received matches the preset information, the secure element allows the user to use the resource. The second electronic device comprises a transmission interface. The first and second electronic devices can exchange information through these transmission interfaces. The system operates as follows: the user interface of the second electronic device receives the personal authentication information entered by the user, and this information is transmitted through the transmission interfaces to the secure element of the first electronic device.
Therefore, the protected-function system comprises two electronic devices.
The first electronic device comprises a secure element and a transmission interface, and the secure element verifies whether the entered authentication information is consistent with the preset information. The second electronic device comprises a transmission interface. The first and second electronic devices can exchange information through these transmission interfaces.
The procedure is as follows: in a receiving step, the second electronic device receives the personal authentication information that the user enters at the user interface of the second electronic device; in a transmitting step, the entered information is sent through the transmission interfaces to the secure element of the first electronic device.
Given these features, the secure element can obtain the authentication information without it being entered through the user interface of the first electronic device. Malware installed at the user interface of the first electronic device therefore has more difficulty obtaining this information, so the system also helps prevent identity theft. The authentication information transmitted can be the authentication information itself, an encrypted message containing the authentication information, or an encrypted message containing an authorization instruction for the protected function.
In one embodiment, the second electronic device transmits the authentication information to the secure element in the form of an encrypted message, and the secure element checks whether the authentication information received is consistent with the preset information.
The secure element decrypts the authentication information received using a decryption key.
The second electronic device can be fixed to the first electronic device.
The second electronic device can be fixed to the first electronic device and be detachable.
The second electronic device can be fixed to the housing of the first electronic device, for example on the back of the first electronic device (relative to a keyboard or a screen). Preferably, the two antennas face each other.
In one embodiment, the first transmission interface is a wireless transmission interface and can comprise an antenna; the second transmission interface can also be a wireless transmission interface and can likewise comprise an antenna.
In one embodiment, the second electronic device is movably connected to the first electronic device, between a first position and a second position. In the first position the two antennas face each other; in the second position the two antennas are farther apart.
In one embodiment, the first transmission interface is a wireless transmission interface and can comprise an antenna; the second transmission interface can also be a wireless transmission interface and can comprise an antenna.
The second electronic device receives the signal that the first antenna transmits to the second antenna.
The second electronic device comprises a user-operable switch, which moves between a position in which the second antenna forms a closed circuit and can transmit signals and a position in which the second antenna is open.
The first electronic device can be a mobile phone, and the second electronic device can be an electronic tag.
The protected function comprises at least one of the following operations: signal transmission between the secure element and an external device; a transaction between the secure element and an external device; execution of an APDU command from the first electronic device; use of an encryption mode, for example using the secure element.
Description of drawings
The following figures illustrate other features and advantages of the system:
Fig. 1 shows the system in one embodiment;
Fig. 2 shows the hardware configuration of the electronic devices of the system of Fig. 1;
Fig. 3 shows the steps of the protected-function control process of the system of Fig. 1;
Fig. 4 shows details of the electronic tag of the system of Fig. 1;
Figs. 5A and 5B show the system of Fig. 1 in an embodiment in which the electronic tag can slide; and
Fig. 6 shows the system of Fig. 1 in an embodiment in which the electronic tag can rotate.
Embodiment
Fig. 1 shows system 1, which comprises a mobile phone 2 and an electronic tag 3 fixed to mobile phone 2. Electronic tag 3 is fixed to the housing 20 of mobile phone 2, for example on the back of mobile phone 2, that is, on surface 28 opposite surface 29, which carries a keyboard and/or a screen.
According to an embodiment of the invention, the length, width and thickness of the inside dimensions of mobile phone 2 are indicated on electronic tag 3. Electronic tag 3 can also show its shape. In this embodiment, electronic tag 3 is at least partly formed from a card of ID-1 size according to standard ISO 7816. For example, electronic tag 3 is mounted on the ID-1 size card after personalization.
Fig. 2 is the hardware structure diagram of mobile phone 2 and electronic tag 3.
The protected function comprises: signal transmission between secure element 26 and an external device, for example via transmission interfaces 25 and 27; a transaction between secure element 26 and an external element, for example a financial transaction; execution of an APDU command from mobile phone 2; use of an encryption mode; and so on.
In this embodiment, electronic tag 3 is fixed (glued) to mobile phone 2, and transmission interfaces 25 and 33 are adjacent. Electronic tag 3 and mobile phone 2 can therefore exchange signals via transmission interfaces 25 and 33.
Fig. 3 shows the steps of the authentication-protection control process of system 1 of Fig. 1.
Subsequently, in stage E3, the user enters the PIN code at user interface 32 of electronic tag 3.
Next, in stage E4, electronic tag 3 sends the encrypted message M containing the PIN code to secure element 26 via transmission interfaces 25 and 33. Secure element 26 receives message M in stage E4.
In the next stage, E5, secure element 26 of mobile phone 2 decrypts message M using the decryption key and then compares the PIN code received with the stored PIN code. When the two match, secure element 26 allows the user to access and use the resource.
Therefore, when the PIN code is correct, in stage E6, the secure element and/or mobile phone 2 starts the protected function FCT.
In another approach, electronic tag 3 itself verifies the authentication information (the PIN code in this embodiment) and sends encrypted authentication information to secure element 26; when the code is correct, the user is allowed to use the resource.
Message M passes through mobile phone 2. But because message M is encrypted and mobile phone 2 cannot access the decryption key stored securely in secure element 26, malware installed on mobile phone 2 cannot decrypt message M and obtain the PIN code. The system of Fig. 1 therefore also protects against identity theft. In addition, even if message M is not encrypted, entering the PIN code at user interface 32 of electronic tag 3 makes it harder for malware to intercept the PIN code.
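Stages E3 to E5 and the relay argument above, sketched as an added Python example (not code from the patent): the tag seals the PIN, the phone only relays and records, and the secure element decrypts and compares. The shared 32-byte key, the HMAC-SHA256 encrypt-then-MAC construction (a standard-library stand-in for an AEAD such as AES-GCM), the per-attempt challenge and the retry counter are all assumptions; the patent names no algorithm and no challenge, and without the challenge a recorded M could simply be replayed to the secure element.

```python
import hashlib
import hmac
import secrets

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    stream = b"".join(_prf(key, b"enc", nonce + i.to_bytes(4, "big"))
                      for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, stream))

def seal(key, plaintext, context):
    """Encrypt-then-MAC; `context` is authenticated but not transmitted."""
    nonce = secrets.token_bytes(12)
    body = nonce + _xor_stream(key, nonce, plaintext)
    return body + _prf(key, b"mac", context + body)

def unseal(key, message, context):
    """Return the plaintext, or None if M was altered or sealed for another context."""
    if len(message) < 12 + 32:
        return None
    body, tag = message[:-32], message[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", context + body)):
        return None
    return _xor_stream(key, body[:12], body[12:])

class SecureElement:
    """Secure element 26: holds the decryption key and the reference PIN."""
    def __init__(self, key, pin, max_tries=3):
        self._key, self._pin, self._max_tries = key, pin.encode(), max_tries
        self.tries_left = max_tries
        self._challenge = None

    def new_challenge(self):
        self._challenge = secrets.token_bytes(16)  # assumption: not in the patent
        return self._challenge

    def verify(self, message):
        """Stage E5: decrypt M, then compare the PINs in constant time."""
        challenge, self._challenge = self._challenge, None  # single use
        if challenge is None or self.tries_left == 0:
            return False
        pin = unseal(self._key, message, challenge)
        if pin is None:  # replayed or forged M: rejected before any PIN comparison
            return False
        if hmac.compare_digest(pin, self._pin):
            self.tries_left = self._max_tries
            return True
        self.tries_left -= 1
        return False

class Tag:
    """Electronic tag 3: the PIN is typed on its own user interface 32."""
    def __init__(self, key):
        self._key = key

    def message_for(self, pin_entered, challenge):  # stage E4
        return seal(self._key, pin_entered.encode(), challenge)

class Phone:
    """Mobile phone 2: untrusted relay that records every M, as malware could."""
    def __init__(self, se):
        self.se, self.seen = se, []

    def authenticate(self, tag, pin_entered):
        m = tag.message_for(pin_entered, self.se.new_challenge())
        self.seen.append(m)
        return self.se.verify(m)

    def replay(self, m):
        self.se.new_challenge()
        return self.se.verify(m)

def demo():
    key = secrets.token_bytes(32)  # constructed key, provisioned to tag and SE
    se = SecureElement(key, "4821")  # constructed PIN
    tag, phone = Tag(key), Phone(se)
    results = {"correct_pin": phone.authenticate(tag, "4821"),
               "wrong_pin": phone.authenticate(tag, "0000")}
    results["tries_left"] = se.tries_left
    results["pin_in_relayed_bytes"] = any(b"4821" in m for m in phone.seen)
    results["replay_accepted"] = phone.replay(phone.seen[0])
    return results

if __name__ == "__main__":
    print(demo())
```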
In the embodiment shown in Fig. 1, electronic tag 3 is glued to mobile phone 2, facing the antenna of transmission interface 25. In this position, tag 3 may block or hinder communication between mobile phone 2 and another external device via transmission interface 25.
Therefore, in another embodiment, electronic tag 3 is attached to mobile phone 2 in a removable manner. The user can then remove electronic tag 3 so that mobile phone 2 can communicate with another external device via transmission interface 25.
In the embodiment shown in Fig. 4, electronic tag 3 comprises a switch 34 whose position either lets antenna 34 form a closed circuit and communicate, or leaves the antenna open so that it does not communicate. The user operates switch 34 with a button 35 on the surface of electronic tag 3.
In another embodiment, electronic tag 3 is movably connected to mobile phone 2 and can occupy either of two positions: a position in which the antenna of transmission interface 33 is adjacent to the antenna of transmission interface 25, and a position in which the antenna of transmission interface 33 is farther from transmission interface 25. In the second position, electronic tag 3 is farther away and therefore does not interfere with communication between mobile phone 2 and another external device via transmission interface 25. System 1 comprises means for holding the tag in position 1 and in position 2, for example a self-gripping strap, a press button, a magnet or a clamping device.
For example, as shown in Fig. 5 (Fig. 5A is a view from the back of the mobile phone and Fig. 5B is a vertical view), electronic tag 3 sits in a frame 4 fixed to mobile phone 2 and slides within frame 4 between a first position (reference 3a) and a second position (reference 3b). To move the electronic tag between the first and second positions, the tag must be pressed so that it bends and slides.
As shown in Fig. 6, viewed from the side of the mobile phone, electronic tag 3 is fixed to a pivoting support 5 of mobile phone 2, and pivoting support 5 is connected to mobile phone 2 by a joint 6.
In another embodiment, electronic tag 3 comprises a part fixed to the mobile phone and a rotatable part attached to the former. The antenna of transmission interface 33 is located in the second part, so the second part can move between the first position and the second position. The tag comprises a joint that lets the second part rotate between the first and second positions, for example about an axis parallel or normal to the surface of the mobile phone.
In another embodiment, secure element 26 holds an identification code of electronic tag 3 in its memory. Using this identification code, secure element 26 can first obtain the PIN code through electronic tag 3 and then carry out the protected-function verification through another external device.
Claims (18)
1. A system (1) comprising a first electronic device (2) and a second electronic device (3), wherein the first electronic device (2) comprises a secure element (26) and a first transmission interface (25), the secure element (26) being responsible for verifying whether the entered authentication information (PIN) is consistent with a stored identification code; the second electronic device comprises a second transmission interface (33); and the first and second electronic devices can exchange data via transmission interfaces (25) and (33); the system operating as follows: the user interface (32) of the second electronic device (3) receives the personal authentication information (PIN) entered by the user, and this information is transmitted via transmission interfaces (25) and (33) to the secure element (26) of the first electronic device (2).
2. The system according to claim 1, wherein the second electronic device (3) is configured to send the authentication information (PIN) to the secure element (26) in encrypted form, and the secure element (26) is configured to decrypt the authentication information (PIN) received and verify whether it matches the preset identification code.
3. The system according to claim 2, wherein the secure element (26) is configured to decrypt the authentication information (PIN) received and verify whether it matches the preset identification code.
4. The system according to any one of claims 1-3, wherein the second electronic device (3) is fixed to the first electronic device (2).
5. The system according to claim 4, wherein the second electronic device (3) is fixed to the first electronic device (2) in a movable manner.
6. The system according to any one of claims 3-5, wherein the first transmission interface (25) is a wireless transmission interface with a first antenna, and the second transmission interface (33) is also a wireless transmission interface, with a second antenna.
7. The system according to claim 6, wherein the second electronic device is fixed to the first electronic device and the second antenna faces the first antenna.
8. The system according to any one of claims 1-3, wherein the first transmission interface (25) is a wireless transmission interface with a first antenna, and the second transmission interface (33) is also a wireless interface, with a second antenna.
9. The system according to claim 8, wherein the second electronic device (3) is movably connected to the first electronic device (2) between two positions: a first position, in which the first antenna and the second antenna are adjacent and face each other; and a second position, in which the second antenna is farther from the first antenna.
10. The system according to claim 9, wherein the second electronic device can slide between the first position and the second position.
11. The system according to claim 9, wherein the second electronic device can rotate between the first position and the second position.
12. The system according to claim 8, wherein the second electronic device (3) comprises two parts: a first part fixed to the first electronic device (2) and a rotatable second part connected to the first part, the second antenna being located in the rotatable second part.
13. The system according to any one of claims 8-12, wherein the second electronic device (3) is charged by a charging signal sent from the first antenna to the second antenna.
14. The system according to any one of claims 7-13, wherein the second electronic device (3) comprises a user-operated switch (34) that moves between a position in which the second antenna forms a closed circuit and can communicate and a position in which the second antenna is open.
15. The system according to any one of claims 1-14, wherein the first electronic device (2) is a mobile phone and the second electronic device (3) is an electronic tag.
16. The system according to any one of claims 1-15, wherein the authentication-protected function comprises at least one of the following operations: signal transmission between the secure element (26) and an external device; a transaction between the secure element (26) and an external device; execution of an APDU command from the first electronic device (2); and use of an encryption mode.
17. An authentication protection control method for a system (1), the system (1) comprising a first electronic device (2) and a second electronic device (3), wherein the first electronic device (2) comprises a secure element (26) and a first transmission interface (25), the secure element (26) being able to verify whether entered authentication information (PIN) is consistent with a preset identification code; the second electronic device (3) comprises a second transmission interface (33); and the first electronic device (2) and the second electronic device (3) can communicate via transmission interfaces (25) and (33); the method being characterized in that it comprises the following steps:
Receiving stage E1: receiving the authentication information (PIN) that the user enters at the transmission interface (32) of the second electronic device (3);
Transmitting stage E2: sending the entered authentication information (PIN) via transmission interfaces (22) and (33) to the secure element (26) of the first electronic device (2).
18. The method according to claim 17, wherein transmitting stage E2 comprises transmitting the authentication information in encrypted form, the procedure being as follows:
In decryption stage E3, the secure element (26) decrypts the authentication information received;
In determination stage E3, it is determined whether the entered authentication information matches the preset code.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1162127A FR2985129B1 (en) | 2011-12-21 | 2011-12-21 | SYSTEM AND METHOD FOR MONITORING THE EXECUTION OF A PROTECTED FUNCTION |
FR1162127 | 2011-12-21 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103178960A (en) | 2013-06-26 |
CN103178960B (en) | 2019-11-05 |
Family
ID=45992341
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210564274.4A Active CN103178960B (en) | 2011-12-21 | 2012-12-21 | Defencive function operating control procedures system |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN103178960B (en) |
FR (1) | FR2985129B1 (en) |
Also Published As
Publication number | Publication date |
---|---|
FR2985129B1 (en) | 2017-11-17 |
FR2985129A1 (en) | 2013-06-28 |
CN103178960B (en) | 2019-11-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||