CN103475484B - USB key authentication methods and system - Google Patents



Publication number
CN103475484B
Authority
CN
China
Prior art keywords
certification
usb
certification terminal
certificate
proxy server
Prior art date
Legal status
Active
Application number
CN201310409689.9A
Other languages
Chinese (zh)
Other versions
CN103475484A (en)
Inventor
林海长
卢艺
林彦
Current Assignee
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Network Technology Shenzhen Co Ltd
Application filed by Sangfor Network Technology Shenzhen Co Ltd


Abstract

A USB key authentication method, comprising: an authentication terminal obtains an inserted USB device, maps the inserted USB device to a proxy server, obtains a user identifier corresponding to the authentication terminal, and sends the user identifier to the proxy server; the proxy server obtains the related information of the encrypted certificate corresponding to the mapped USB device by calling a USB key driver, and sends the related information of the encrypted certificate and the user identifier to the authentication server; the authentication server determines whether the related information of the encrypted certificate matches the user identifier and, if so, obtains the authentication terminal corresponding to the user identifier and notifies it that authentication succeeded. A USB key authentication system is also provided. The above USB key authentication method and system can run on an authentication terminal that has no USB key driver installed, thereby improving security.

Description

USB key authentication methods and system
Technical field
The present invention relates to the field of Internet technology, and in particular to a USB key authentication method and system.
Background
Remote identity authentication in the conventional art commonly uses a USB key authentication method, as in everyday online banking: to log in to online banking on an authentication terminal, the user must first insert a USB key; the driver on the authentication terminal reads the certificate information representing the user's identity from the inserted USB key, and then sends the certificate information and the entered user identifier to the authentication server for authentication.
However, the inventors have found through research that the conventional art has at least the following problem: in the conventional USB key authentication method, the authentication terminal must have a USB key driver; an authentication terminal that has only a USB interface but no USB key driver can only authenticate with an unencrypted certificate file, which results in low security.
Summary of the invention
Based on this, it is necessary to provide a USB key authentication method that can improve security.
A USB key authentication method, comprising:
An authentication terminal obtains an inserted USB device, maps the inserted USB device to a proxy server, obtains a user identifier corresponding to the authentication terminal, and sends the user identifier to the proxy server;
The proxy server obtains the related information of the encrypted certificate corresponding to the mapped USB device by calling a USB key driver, and sends the related information of the encrypted certificate and the user identifier to an authentication server;
The authentication server determines whether the related information of the encrypted certificate matches the user identifier and, if so, obtains the authentication terminal corresponding to the user identifier and notifies it that authentication succeeded.
In one of the embodiments, the step in which the authentication terminal maps the inserted USB device to the proxy server includes:
The authentication terminal maps the inserted USB device to the proxy server by USB over IP.
In one of the embodiments, before the step in which the authentication terminal obtains the inserted USB device, the method further includes:
The authentication terminal initiates an authentication request to the authentication server, the authentication request including the user identifier corresponding to the authentication terminal;
The authentication server returns a prompt message indicating that USB key authentication is required.
In one of the embodiments, after the step in which the authentication terminal initiates the authentication request to the authentication server, the method further includes:
The authentication server establishes a session for the authentication terminal corresponding to the user identifier;
The step in which the authentication server obtains the authentication terminal corresponding to the user identifier includes:
Obtaining the session corresponding to the user identifier, and obtaining the authentication terminal corresponding to that session.
In one of the embodiments, the prompt message indicating that USB key authentication is required includes the address of the proxy server;
The step in which the authentication terminal maps the inserted USB device to the proxy server is:
The authentication terminal maps the inserted USB device to the proxy server according to the address of the proxy server contained in the prompt message indicating that USB key authentication is required.
In addition, it is also necessary to provide a USB key authentication system that can improve security.
A USB key authentication system, comprising an authentication terminal, a proxy server and an authentication server, wherein:
The authentication terminal is configured to obtain an inserted USB device, map the inserted USB device to the proxy server, obtain a user identifier corresponding to the authentication terminal, and send the user identifier to the proxy server;
The proxy server is configured to obtain the related information of the encrypted certificate corresponding to the mapped USB device by calling a USB key driver, and to send the related information of the encrypted certificate and the user identifier to the authentication server;
The authentication server is configured to determine whether the related information of the encrypted certificate matches the user identifier and, if so, to obtain the authentication terminal corresponding to the user identifier and notify it that authentication succeeded.
In one of the embodiments, the authentication terminal is further configured to map the inserted USB device to the proxy server by USB over IP.
In one of the embodiments, the authentication terminal is further configured to initiate an authentication request to the authentication server, the authentication request including the user identifier corresponding to the authentication terminal;
The authentication server is further configured to return a prompt message indicating that USB key authentication is required.
In one of the embodiments, the authentication server is further configured to establish a session for the authentication terminal corresponding to the user identifier, and to obtain the session corresponding to the user identifier and the authentication terminal corresponding to that session.
In one of the embodiments, the prompt message indicating that USB key authentication is required includes the address of the proxy server;
The authentication terminal is further configured to map the inserted USB device to the proxy server according to the address of the proxy server contained in the prompt message indicating that USB key authentication is required.
In the above USB key authentication method and system, after the authentication terminal maps the inserted USB device to the proxy server, authentication on the authentication server can be performed with the assistance of the proxy server. Thus, even when the authentication terminal has no USB key driver, USB key based authentication can still be completed with the help of the proxy server, so that the user does not need to fall back on less secure authentication based on an unencrypted certificate and can still use a USB key to authenticate on an authentication terminal with no USB key driver installed, thereby improving security.
Brief description of the drawings
Fig. 1 is a flowchart of the USB key authentication method in one embodiment;
Fig. 2 is a schematic structural diagram of the USB key authentication system in one embodiment.
Detailed description of the embodiments
In one embodiment, as shown in Fig. 1, a USB key authentication method is provided. The method relies entirely on a computer program, which can run in a USB key authentication system based on the von Neumann architecture. The USB key authentication system can be based on a computer system and includes an authentication terminal, a proxy server and an authentication server. Compared with the conventional art, the authentication terminal does not need to have a USB key driver installed.
The method comprises the following steps:
Step S102: the authentication terminal obtains the inserted USB device, maps the inserted USB device to the proxy server, obtains the user identifier corresponding to the authentication terminal, and sends the user identifier to the proxy server.
When a USB device containing an encrypted certificate is inserted into the authentication terminal, a USB key insertion event is triggered; from this event the authentication terminal learns that a USB device has been inserted and thereby obtains the inserted USB device.
In the present embodiment, before the step in which the authentication terminal obtains the inserted USB device, the authentication terminal can also initiate an authentication request to the authentication server, the authentication request including the user identifier corresponding to the authentication terminal. The authentication server returns a prompt message indicating that USB key authentication is required.
For example, when a user logs in to online banking, the user opens the login interface, enters the account and password, and clicks submit; the online banking client then initiates an authentication request to the authentication server, and the authentication request includes the entered account (that is, the user identifier corresponding to the authentication terminal). After receiving the authentication request, the authentication server returns a prompt message prompting the user to insert a USB key into the authentication terminal for USB key authentication. After receiving the prompt message, the user inserts the USB device into the authentication terminal, which triggers a USB key insertion event, and the authentication terminal can obtain the inserted USB device. In other embodiments, the user identifier can also be identification information such as a device identification code or a terminal identifier.
In another embodiment, the authentication terminal can also initiate the authentication request after the USB device is inserted. For example, when logging in to online banking, the user can first insert the USB key; the authentication terminal can map it to the terminal server and send its machine identification code (such as a MAC address) to the terminal server; the user then enters the account and password on the online banking interface and clicks submit to initiate an authentication request to the authentication server. In this case, the authentication request can include the account and password information and the machine identification code of the authentication terminal.
Preferably, the authentication terminal can map the inserted USB device to the proxy server by USB over IP.
For example, a configuration file on the authentication terminal can contain the IP address of the proxy server; the authentication terminal can obtain the IP address of the proxy server by reading the configuration file and then establish a network connection with the proxy server in an Ethernet or Internet environment. Once the network connection is established, the inserted USB device can be mapped to the proxy server by USB over IP. That is, after the USB device is inserted into the authentication terminal, it is attached to the proxy server via the IP network; to the proxy server, a USB device attached via USB over IP is the same as a USB device plugged directly into the proxy server's USB controller.
In another embodiment, the prompt message returned by the authentication server indicating that USB key authentication is required can include the address of the proxy server.
The step in which the authentication terminal maps the inserted USB device to the proxy server can specifically be: the authentication terminal maps the inserted USB device to the proxy server according to the address of the proxy server contained in the prompt message indicating that USB key authentication is required.
That is, when the authentication terminal initiates the authentication request it does not know which proxy server to map to; it connects to the proxy server using the address of the proxy server contained in the prompt message returned by the authentication server. The network address of the proxy server is therefore not exposed to public users, which improves security.
Step S104: the proxy server obtains the related information of the encrypted certificate corresponding to the mapped USB device by calling the USB key driver, and sends the related information of the encrypted certificate and the user identifier to the authentication server.
As in the example above, after the authentication terminal maps the USB device to the proxy server by USB over IP, the proxy server can read the mapped USB device by loading the USB key driver and read out the related information of the encrypted certificate stored on it. After reading is complete, it sends the user identifier sent by the authentication terminal, together with the related information of the encrypted certificate, to the authentication server.
Step S106: the authentication server determines whether the related information of the encrypted certificate matches the user identifier and, if so, obtains the authentication terminal corresponding to the user identifier and notifies it that authentication succeeded.
After receiving the related information of the encrypted certificate and the user identifier sent by the proxy server, the authentication server processes the related information of the encrypted certificate with a preset algorithm and then matches it against the user identifier; a match indicates that authentication succeeded.
In the present embodiment, after the step in which the authentication terminal initiates the authentication request to the authentication server, the authentication server can also establish a session for the authentication terminal corresponding to the user identifier.
The step in which the authentication server obtains the authentication terminal corresponding to the user identifier can specifically be: obtaining the session corresponding to the user identifier, and obtaining the authentication terminal corresponding to that session.
That is, if the authentication server determines that the related information of the encrypted certificate sent by the proxy server matches the user identifier, it looks up the session corresponding to the user identifier among its sessions and returns the authentication success information to the authentication terminal corresponding to that session. Likewise, if authentication fails, the authentication server also sends a prompt message indicating authentication failure back to the authentication terminal corresponding to the session for that user identifier.
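The message flow of steps S102 to S106 between the terminal, the proxy server and the server can be traced with a small simulation. This is an added example, not code from the patent; it assumes the unspecified preset algorithm is a SHA-256 fingerprint comparison, models the USB over IP mapping as an in-memory hand-off, and uses constructed names, addresses and certificate bytes.

```python
# Added illustration of steps S102-S106; not code from the patent.
# Assumptions: the "preset algorithm" is modelled as a SHA-256 fingerprint,
# USB over IP mapping is modelled as handing the token object to the proxy,
# and all names, addresses and certificate bytes are constructed sample data.
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class UsbKey:
    """Stands in for the inserted USB device holding an encrypted certificate."""
    cert_blob: bytes


@dataclass
class AuthServer:
    proxy_address: str
    enrolled: dict                                 # user_id -> expected fingerprint
    sessions: dict = field(default_factory=dict)   # user_id -> terminal

    def auth_request(self, user_id, terminal):
        # Establish a session for the terminal, then prompt for USB key auth.
        self.sessions[user_id] = terminal
        return {"prompt": "usb_key_required", "proxy": self.proxy_address}

    def verify(self, cert_info, user_id):
        # S106: process the certificate information, match it to the user ID,
        # then notify the terminal found through the session for that user ID.
        terminal = self.sessions.get(user_id)
        if terminal is None:
            return "no_session"        # no terminal to notify; nothing is routed
        expected = self.enrolled.get(user_id, "")
        fingerprint = hashlib.sha256(cert_info).hexdigest()
        ok = hmac.compare_digest(fingerprint, expected)
        terminal.result = "success" if ok else "failure"
        return terminal.result


@dataclass
class ProxyServer:
    auth_server: AuthServer
    mapped: dict = field(default_factory=dict)     # user_id -> mapped USB device

    def map_device(self, user_id, usb_key):
        # S102 (proxy side): the device appears as if locally attached.
        self.mapped[user_id] = usb_key

    def read_and_forward(self, user_id):
        # S104: the USB key driver runs here, not on the terminal.
        cert_info = self.mapped.pop(user_id).cert_blob
        return self.auth_server.verify(cert_info, user_id)


@dataclass
class Terminal:
    user_id: str
    result: str = "pending"

    def login(self, auth_server, proxies, usb_key):
        prompt = auth_server.auth_request(self.user_id, self)
        proxy = proxies[prompt["proxy"]]    # address learned from the prompt
        proxy.map_device(self.user_id, usb_key)
        proxy.read_and_forward(self.user_id)
        return self.result                  # set by the server via the session


def run_demo():
    alice_cert = b"constructed-certificate-bytes-for-alice"
    server = AuthServer(
        proxy_address="proxy.example.internal",
        enrolled={"alice": hashlib.sha256(alice_cert).hexdigest()},
    )
    proxy = ProxyServer(server)
    proxies = {server.proxy_address: proxy}
    good = Terminal("alice").login(server, proxies, UsbKey(alice_cert))
    bad = Terminal("alice").login(server, proxies, UsbKey(b"some-other-token"))
    # A submission for a user ID that never opened a session is not routed.
    proxy.map_device("bob", UsbKey(alice_cert))
    orphan = proxy.read_and_forward("bob")
    return good, bad, orphan


if __name__ == "__main__":
    print(run_demo())
```

The terminal never touches the certificate bytes itself: it only learns the outcome through the session the server opened for its user identifier.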
In one embodiment, as shown in Fig. 2, a USB key authentication system includes an authentication terminal 102, a proxy server 104 and an authentication server 106, wherein:
The authentication terminal 102 is configured to obtain the inserted USB device, map the inserted USB device to the proxy server 104, obtain the user identifier corresponding to the authentication terminal 102, and send the user identifier to the proxy server 104;
The proxy server 104 is configured to obtain the related information of the encrypted certificate corresponding to the mapped USB device by calling the USB key driver, and to send the related information of the encrypted certificate and the user identifier to the authentication server 106;
The authentication server 106 is configured to determine whether the related information of the encrypted certificate matches the user identifier and, if so, to obtain the authentication terminal 102 corresponding to the user identifier and notify it that authentication succeeded.
In one embodiment, the authentication terminal 102 is further configured to map the inserted USB device to the proxy server 104 by USB over IP.
In one embodiment, the authentication terminal 102 is further configured to initiate an authentication request to the authentication server 106, the authentication request including the user identifier corresponding to the authentication terminal 102;
The authentication server 106 is further configured to return a prompt message indicating that USB key authentication is required.
In one embodiment, the authentication server 106 is further configured to establish a session for the authentication terminal 102 corresponding to the user identifier, and to obtain the session corresponding to the user identifier and the authentication terminal 102 corresponding to that session.
In one embodiment, the prompt message indicating that USB key authentication is required includes the address of the proxy server 104;
The authentication terminal 102 is further configured to map the inserted USB device to the proxy server 104 according to the address of the proxy server 104 contained in the prompt message indicating that USB key authentication is required.
In the above USB key authentication method and system, after the authentication terminal maps the inserted USB device to the proxy server, authentication on the authentication server can be performed with the assistance of the proxy server. Thus, even when the authentication terminal has no USB key driver, USB key based authentication can still be completed with the help of the proxy server, so that the user does not need to fall back on less secure authentication based on an unencrypted certificate and can still use a USB key to authenticate on an authentication terminal with no USB key driver installed, thereby improving security.
A person of ordinary skill in the art will understand that all or part of the flows in the above embodiment methods can be completed by a computer program instructing related hardware; the program can be stored in a computer-readable storage medium and, when executed, can include the flows of the embodiments of the above methods. The storage medium can be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.

Claims (6)

1. A USB key authentication method, comprising:
An authentication terminal initiates an authentication request to an authentication server, the authentication request including the user identifier corresponding to the authentication terminal, and the authentication server returns a prompt message indicating that USB key authentication is required;
The authentication terminal obtains the inserted USB device and maps the inserted USB device to a proxy server, including: the authentication terminal maps the inserted USB device to the proxy server according to the address of the proxy server contained in the prompt message indicating that USB key authentication is required; and the authentication terminal obtains the user identifier corresponding to the authentication terminal and sends the user identifier to the proxy server;
The proxy server obtains the related information of the encrypted certificate corresponding to the mapped USB device by calling a USB key driver, and sends the related information of the encrypted certificate and the user identifier to the authentication server;
The authentication server determines whether the related information of the encrypted certificate matches the user identifier and, if so, obtains the authentication terminal corresponding to the user identifier and notifies it that authentication succeeded.
2. The USB key authentication method according to claim 1, characterized in that the step in which the authentication terminal maps the inserted USB device to the proxy server includes:
The authentication terminal maps the inserted USB device to the proxy server by USB over IP.
3. The USB key authentication method according to claim 1, characterized in that, after the step in which the authentication terminal initiates the authentication request to the authentication server, the method further includes:
The authentication server establishes a session for the authentication terminal corresponding to the user identifier;
The step in which the authentication server obtains the authentication terminal corresponding to the user identifier includes:
Obtaining the session corresponding to the user identifier, and obtaining the authentication terminal corresponding to that session.
4. A USB key authentication system, characterized by comprising an authentication terminal, a proxy server and an authentication server, wherein: the authentication terminal is configured to initiate an authentication request to the authentication server, the authentication request including the user identifier corresponding to the authentication terminal; and to obtain the inserted USB device, map the inserted USB device to the proxy server, obtain the user identifier corresponding to the authentication terminal, and send the user identifier to the proxy server;
The proxy server is configured to obtain the related information of the encrypted certificate corresponding to the mapped USB device by calling a USB key driver, and to send the related information of the encrypted certificate and the user identifier to the authentication server;
The authentication server is configured to determine whether the related information of the encrypted certificate matches the user identifier and, if so, to obtain the authentication terminal corresponding to the user identifier and notify it that authentication succeeded;
The authentication server is further configured to return a prompt message indicating that USB key authentication is required;
The authentication terminal is further configured to map the inserted USB device to the proxy server according to the address of the proxy server contained in the prompt message indicating that USB key authentication is required.
5. The USB key authentication system according to claim 4, characterized in that the authentication terminal is further configured to map the inserted USB device to the proxy server by USB over IP.
6. The USB key authentication system according to claim 4, characterized in that the authentication server is further configured to establish a session for the authentication terminal corresponding to the user identifier, and to obtain the session corresponding to the user identifier and the authentication terminal corresponding to that session.
CN201310409689.9A 2013-09-09 2013-09-09 USB key authentication methods and system Active CN103475484B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310409689.9A CN103475484B (en) 2013-09-09 2013-09-09 USB key authentication methods and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310409689.9A CN103475484B (en) 2013-09-09 2013-09-09 USB key authentication methods and system

Publications (2)

Publication Number Publication Date
CN103475484A CN103475484A (en) 2013-12-25
CN103475484B true CN103475484B (en) 2017-09-19

Family

ID=49800196

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310409689.9A Active CN103475484B (en) 2013-09-09 2013-09-09 USB key authentication methods and system

Country Status (1)

Country Link
CN (1) CN103475484B (en)

Also Published As

Publication number Publication date
CN103475484A (en) 2013-12-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200616

Address after: Nanshan District Xueyuan Road in Shenzhen city of Guangdong province 518000 No. 1001 Nanshan Chi Park building A1 layer

Patentee after: SANGFOR TECHNOLOGIES Inc.

Address before: 518051 room 410, technology innovation service center, 1 Qilin Road, Shenzhen, Guangdong, Nanshan District

Patentee before: Shenxin network technology (Shenzhen) Co.,Ltd.