CN103368732A - Universal serial bus apparatus authentication method and universal serial bus apparatus relevant to same - Google Patents

Universal serial bus apparatus authentication method and universal serial bus apparatus relevant to same

Info

Publication number
CN103368732A
Authority
CN
China
Prior art keywords
server
serial bus
universal serial
switch
token
Legal status
Pending
Application number
CN2012100862979A
Other languages
Chinese (zh)
Inventor
白孟海伦
Current Assignee
Authenex Inc
Original Assignee
Authenex Inc
Priority date
2012-03-26
Filing date
2012-03-26
Publication date
2013-10-23

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an authentication method for a universal serial bus device comprising the following steps: a client carries out a mutual challenge-response exchange, via a server, with an authentication server, producing a verification result that indicates whether the server being logged into is correct; once the server being logged into is confirmed to be correct, a one-time password is generated for the user's login operation.

Description

Universal serial bus device authentication method and related universal serial bus device
Technical field
The present invention relates to a universal serial bus (USB) device authentication method and a related USB device, and in particular to a USB device authentication method and related USB device that reduce cost and increase security.
Background technology
In computer networks, data transmission, authentication or the use of software commonly relies on an account and password, or on a token device, to verify whether the user is the authorised user. Typically, the user applies to a token company for a token hardware device and enables and configures protection for a particular account through a specific web page. Whenever the user wants to access the protected account, software or particular server (for example, to log in to a particular network domain or to an account at an online shop), the user first enters the account and password; the user is then required to insert the token into the computer so that the account, password and token can be verified, and only if they are correct may the software, account or data be used.
In the above authentication scheme, the final decision on whether authentication passes is generally made by the server. Such a security model still carries risk. For example, the user may accidentally connect to a fake website; after the user enters the one-time password (OTP) displayed by the token, the fake website can relay the login action to the genuine website, which creates risk. In addition, a known token usually displays the one-time password on a liquid crystal display for the user to type in; this approach requires a liquid crystal display, which raises cost, and is inconvenient. The known technology therefore has room for improvement.
Summary of the invention
Therefore, the main object of the present invention is to provide a universal serial bus device authentication method and a related universal serial bus device that reduce cost and increase security.
The present invention discloses an authentication method in which a client carries out a mutual challenge-response exchange, via a server, with an authentication server, producing a result that indicates whether the server being logged into is correct; once the server being logged into is confirmed to be correct, a one-time password is generated for the user's login.
The present invention also discloses a universal serial bus device that includes: a transmitting unit for transmitting messages to a server that carries out the mutual challenge-response exchange with an authentication server; a receiving unit for receiving the messages of the mutual challenge-response exchange with the back-end authentication server and the verification result; a judging unit that judges whether the received challenge-response messages are correct; and a password generation unit for generating a one-time password according to the result of the challenge-response exchange.
The above and other objects and advantages of the present invention will be clear from the following detailed description of the embodiments, with reference to the drawings and the claims.
Description of drawings
Fig. 1 is a schematic diagram of an authentication flow according to an embodiment of the invention.
Fig. 2 is a schematic diagram of a token according to an embodiment of the invention.
The reference numerals are as follows:
10 authentication flow
100~190 steps
12 server
14, 20 tokens
16 authentication server
200 connection interface
210 receiving unit
220 transmitting unit
230 password generation unit
240 judging unit
250 indicator light
260 switch
C1, C2 challenge plaintexts
R1, R2 response values
OTP one-time password
AU_RES verification result
Embodiment
Please refer to Fig. 1, a schematic diagram of an authentication flow 10 according to an embodiment of the invention. The authentication flow 10 is used to perform authentication between a server 12, an authentication server 16 and a universal serial bus (USB) device 14, for example a token 14, where the server 12 may be a website server and the token 14 may connect to the server 12 through the computer used by the user. The authentication flow 10 comprises the following steps:
Step 110: the token 14 transmits a challenge plaintext C1 of the token 14 to the server 12.
Step 120: the server 12 forwards the challenge plaintext C1 to the authentication server 16.
Step 130: the authentication server 16 generates a response value R1 from the challenge plaintext C1 using an algorithm.
Step 140: the authentication server 16 transmits the response value R1 and a challenge plaintext C2 to the token 14.
Step 150: the token 14 uses the algorithm to judge whether the response value R1 is correct, and generates a response value R2 from the challenge plaintext C2 using the algorithm.
Step 160: the token 14 sends the response value R2 back to the authentication server 16 via the server 12.
Step 170: the authentication server 16 uses the algorithm to judge whether the response value R2 is correct.
Step 180: the authentication server 16 returns a verification result AU_RES to the token 14 indicating whether verification succeeded.
Step 190: the token 14 generates a one-time password OTP according to the verification result AU_RES.
According to the authentication flow 10, the token 14 carries out mutual verification with the authentication server 16 via the server 12 to produce a verification result AU_RES indicating whether the mutual verification succeeded, and then generates a one-time password OTP according to AU_RES. Specifically, the token 14 transmits the challenge plaintext C1 to the server 12, and the server 12 forwards C1 to the authentication server 16 (that is, the server 12 receives the messages from the token 14 on behalf of the authentication server 16). The authentication server 16 then generates a response value R1 from C1 using an algorithm and transmits R1 together with a challenge plaintext C2 to the token 14. Next, the token 14 uses the algorithm to judge whether R1 is correct (that is, it computes the algorithm over C1 itself and compares the result with R1), generates a response value R2 from C2 using the algorithm, and transmits R2 to the authentication server 16 via the server 12. Finally, the authentication server 16 uses the algorithm to judge whether R2 is correct (computing the algorithm over C2 and comparing the result with R2), then returns a verification result AU_RES to the token 14 indicating whether verification succeeded, so that the token 14 generates a one-time password OTP according to AU_RES. Therefore, when AU_RES indicates that verification failed, the server being logged into is not a legitimate server and the token 14 does not generate the OTP; when AU_RES indicates that verification succeeded, the token 14 generates the OTP in response to the user's operation. Note that, because the token 14 carries out mutual verification with the authentication server 16 via the server 12, when AU_RES indicates success the server 12 is an approved login host (a host that is not approved cannot forward the messages from the token 14 to the authentication server 16 to carry out the mutual verification).
In this case, the token 14 may include at least one indicator light showing the verification state (for example, a steady blue light indicates that verification succeeded and a blinking blue light indicates that verification is in progress). When the indicator light shows that verification succeeded, the user can trigger a switch of the token 14, whereupon the token 14 generates the one-time password OTP and transmits it directly to the server 12 without the user having to type it in; the server 12 forwards the OTP to the authentication server 16 for verification, and when the authentication server 16 confirms that the OTP is correct it notifies the server 12 that the user may log in. The switch of the token 14 may be a touch-sensing switch triggered by touch, but it may also be a switch of another form (such as a mechanical switch or a push-button switch) and is not limited to this.
In other words, the token 14 forwards the challenge plaintext C1 to the authentication server 16 via the server 12, so that the authentication server 16 generates the corresponding response value R1 from C1 and returns it to the token 14 for verification; the token 14 in turn generates the corresponding response value R2 from the challenge plaintext C2 and forwards it via the server 12 to the authentication server 16 for verification, producing the verification result. When verification succeeds, the user can trigger the switch of the token 14 to transmit the OTP directly to the server 12, which forwards it to the authentication server 16 for verification, so that the user successfully logs in to the intended target, such as a network domain or web page, and the OTP is not mistakenly entered into a fake website (a fake website cannot forward the messages from the token 14 to the authentication server 16 to carry out the mutual verification, so the mutual verification cannot succeed). As can be seen, in the authentication flow 10 the token 14 carries out two rounds of challenge/response verification via the server 12 and the authentication server 16, and only outputs the OTP to the server 12 for login after judging that verification succeeded, so the OTP cannot be entered into a fake website by mistake. Thus, besides increasing security by carrying out mutual verification via the server 12 and the authentication server 16 to judge whether the server 12 is the correct website, the token 14 of the invention lets the user, by triggering the switch on the token 14 once verification has succeeded, send the generated OTP directly to the server 12 to be forwarded to the authentication server 16 for verification, which increases convenience; moreover, the token 14 needs no liquid crystal display to show the OTP, which reduces cost.
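The two-round flow of steps 110 to 190, the AU_RES-gated OTP and the fake-website case described above are modelled below as an added example; this is not code from the patent or from Authenex. The patent leaves "the algorithm" and the OTP derivation unspecified, so HMAC-SHA256 over a shared token secret and a 6-digit HMAC truncation are assumed here, as are the message shapes.

```python
import hashlib
import hmac
import os

def _response(secret: bytes, challenge: bytes) -> bytes:
    # The patent's "algorithm" is unspecified; HMAC-SHA256 is an assumption.
    return hmac.new(secret, challenge, hashlib.sha256).digest()

def _otp(secret: bytes, c1: bytes, c2: bytes) -> str:
    # OTP derivation is also unspecified; a 6-digit HMAC truncation is assumed.
    d = _response(secret, c1 + c2)
    return f"{int.from_bytes(d[:4], 'big') % 1_000_000:06d}"

class AuthServer:
    """Authentication server 16: answers C1 with R1 and C2, checks R2, then the OTP."""
    def __init__(self, token_secret: bytes):
        self.secret, self.c1, self.c2 = token_secret, None, None

    def handle_c1(self, c1: bytes):                 # steps 130-140
        self.c1, self.c2 = c1, os.urandom(16)
        return _response(self.secret, c1), self.c2

    def verify_r2(self, r2: bytes) -> bool:         # step 170
        return hmac.compare_digest(r2, _response(self.secret, self.c2))

    def verify_otp(self, otp: str) -> bool:         # final OTP check after the relay
        return hmac.compare_digest(otp, _otp(self.secret, self.c1, self.c2))

class Token:
    """Token 14/20: indicator light 250, switch 260, OTP generation gated on AU_RES."""
    def __init__(self, secret: bytes):
        self.secret, self.c1, self.c2 = secret, None, None
        self.verified, self.lamp = False, "red"

    def challenge(self) -> bytes:                   # step 110
        self.c1, self.verified, self.lamp = os.urandom(16), False, "blue blinking"
        return self.c1

    def on_response(self, r1: bytes, c2: bytes):    # step 150: check R1, answer C2
        if not hmac.compare_digest(r1, _response(self.secret, self.c1)):
            self.lamp = "red"
            return None                             # wrong R1: no R2 is produced
        self.c2 = c2
        return _response(self.secret, c2)

    def on_result(self, au_res: bool) -> None:      # step 180: AU_RES drives the lamp
        self.verified, self.lamp = au_res, ("blue" if au_res else "red")

    def press_switch(self):                         # step 190: OTP only when verified
        return _otp(self.secret, self.c1, self.c2) if self.verified else None

def genuine_login(auth: AuthServer, token: Token) -> bool:
    """Server 12: an approved host relaying between token and authentication server."""
    c1 = token.challenge()
    r1, c2 = auth.handle_c1(c1)                     # step 120
    r2 = token.on_response(r1, c2)
    au_res = r2 is not None and auth.verify_r2(r2)  # step 160
    token.on_result(au_res)
    otp = token.press_switch()                      # user taps the switch on blue
    return otp is not None and auth.verify_otp(otp)

def fake_login(token: Token) -> bool:
    """A fake website with no relay to the authentication server must fabricate R1."""
    token.challenge()
    r2 = token.on_response(os.urandom(32), os.urandom(16))
    token.on_result(r2 is not None)
    return token.press_switch() is not None         # False: the token emits no OTP

def demo():
    secret = os.urandom(32)                         # constructed shared token secret
    auth = AuthServer(secret)
    return genuine_login(auth, Token(secret)), fake_login(Token(secret))
```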
In addition, before using the token 14 for the above operations, the user can install a piece of software on the user's computer. Each time the token is used, the software can require the user to insert the token 14 into the computer and enter a password, which it checks, and require the network address of the server to be logged into, then check whether that server exists. Each time the token 14 is used, the user must therefore first enter this password for user confirmation, and the above operations are carried out only once confirmation is complete (while the token 14 is inserted in the computer but the password has not yet been entered for user confirmation, the indicator light may be red to show that user confirmation is pending; after the user has confirmed, a blinking blue light indicates that verification is in progress).
Please refer to Fig. 2, a schematic diagram of a token 20 according to an embodiment of the invention. The token 20 is used to implement the token 14 in the authentication flow 10 and comprises a connection interface 200, a receiving unit 210, a transmitting unit 220, a password generation unit 230, a judging unit 240, an indicator light 250 and a switch 260. The receiving unit 210 and the transmitting unit 220 exchange data through the connection interface 200, via the user's computer, with a server (such as the server 12 of Fig. 1). The connection interface 200 may be a universal serial bus (USB), line print terminal (LPT), RS-232 or similar interface, so that the token 20 can use the same communication protocol or data encryption scheme as the user's computer and exchange data with the server through the user's computer. When the transmitting unit 220 sends the challenge plaintext C1 through the connection interface 200 and the server to an authentication server, the authentication server 16 generates the corresponding response value R1 from C1 and returns it to the token 20 for verification. When the receiving unit 210 receives R1, the judging unit 240 judges by the algorithm whether R1 is correct, and the transmitting unit 220 then transmits the response value R2 corresponding to the challenge plaintext C2 received by the receiving unit 210 to the authentication server for verification, after which the authentication server returns the verification result AU_RES. When AU_RES indicates that verification succeeded, the one-time password OTP is generated in response to the user, and the indicator light 250 shows the success in a specific manner; the user can then trigger the switch 260 to output the OTP generated by the password generation unit 230 directly to the server. Since the token 20 can be used to implement the token 14 in the authentication flow 10, the detailed authentication flow is as explained for Fig. 1 and is not repeated here.
In the known technology, the user may accidentally connect to a fake website; after the user enters the one-time password displayed by the token, the fake website can relay the login action to the genuine website, which creates risk. In addition, a known token usually displays the one-time password on a liquid crystal display for the user to type in, which requires a liquid crystal display, raises cost and is inconvenient. In comparison, besides increasing security by carrying out mutual verification via the server and the authentication server to judge whether the server is the correct website, the token of the present invention lets the user send the one-time password generated on successful verification directly to the server by triggering the switch on the token, to be forwarded to the authentication server for verification, which increases convenience; moreover, the token needs no liquid crystal display to show the one-time password, which reduces cost.
The above are only preferred embodiments of the present invention and do not limit it; those skilled in the art may make various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (12)

1. An authentication method for a universal serial bus device, characterized by including:
carrying out mutual verification via a server with an authentication server, to produce a result indicating whether verification succeeded; and
generating a one-time password according to the result.
2. The authentication method of claim 1, characterized in that, when the result indicates that verification succeeded, the server is an approved login host.
3. The authentication method of claim 1, characterized in that it also includes, when the result indicates that verification succeeded, triggering a switch of the universal serial bus device to generate and transmit the one-time password to the server.
4. The authentication method of claim 3, characterized in that the server forwards the one-time password to the authentication server for verification.
5. The authentication method of claim 3, characterized in that the switch is a touch-sensing switch, and the step of triggering the switch of the universal serial bus device includes touching the switch.
6. The authentication method of claim 1, characterized in that it also includes showing a verification state with at least one indicator light.
7. A universal serial bus device, characterized by including:
a transmitting unit for transmitting messages to a server that carries out mutual verification with an authentication server;
a receiving unit for receiving the messages of the mutual verification with the authentication server and a result;
a judging unit for judging whether the received authentication and verification messages are correct; and
a password generation unit for generating a one-time password according to the result.
8. The universal serial bus device of claim 7, characterized in that, when the result indicates that verification succeeded, the server is an approved login host.
9. The universal serial bus device of claim 7, characterized in that it also includes a switch for receiving a trigger when the result indicates that verification succeeded, so that the transmitting unit transmits the one-time password to the server.
10. The universal serial bus device of claim 9, characterized in that the server forwards the one-time password to the authentication server for verification.
11. The universal serial bus device of claim 9, characterized in that the switch is a touch-sensing switch and is triggered by touching the switch.
12. The universal serial bus device of claim 7, characterized in that it also includes at least one indicator light for showing a verification state.
Application CN2012100862979A, priority date 2012-03-26, filing date 2012-03-26: Universal serial bus apparatus authentication method and universal serial bus apparatus relevant to same, status Pending, publication CN103368732A (en)


Publications (1)

Publication Number Publication Date
CN103368732A true CN103368732A (en) 2013-10-23

Family

ID=49369335

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012100862979A Pending CN103368732A (en) 2012-03-26 2012-03-26 Universal serial bus apparatus authentication method and universal serial bus apparatus relevant to same

Country Status (1)

Country Link
CN (1) CN103368732A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080034216A1 (en) * 2006-08-03 2008-02-07 Eric Chun Wah Law Mutual authentication and secure channel establishment between two parties using consecutive one-time passwords
CN101453458A (en) * 2007-12-06 2009-06-10 北京唐桓科技发展有限公司 Personal identification process for dynamic cipher password bidirectional authentication based on multiple variables
WO2011076764A1 (en) * 2009-12-22 2011-06-30 Gemalto Sa Authenticating human interface device



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20131023