CN104270251A - Password sharing method for compound type intelligent password equipment - Google Patents

Info

Publication number: CN104270251A
Authority: CN (China)
Prior art keywords: password; main control unit; control unit; dynamic token; external equipment
Legal status: Granted, Active
Application number: CN201410514434.3A
Other languages: Chinese (zh)
Other versions: CN104270251B (en)
Inventors: 管延军, 蒋红宇, 胡伯良
Current Assignee: Beijing Haitai Fangyuan High Technology Co Ltd
Original Assignee: Beijing Haitai Fangyuan High Technology Co Ltd
Priority date: 2014-09-29
Filing date: 2014-09-29
Publication date: 2015-01-07

Abstract

The invention provides a password sharing method for compound type intelligent password equipment. The password sharing method comprises the following steps that an intelligent password key main control unit of the compound type intelligent password equipment judges whether the compound type intelligent password equipment is connected with an external device; when the compound type intelligent password equipment is not connected with the external device according to judgment, a dynamic token main control unit of the compound type intelligent password equipment verifies a power-on password input by a user at the compound type intelligent password equipment according to a shared password stored in the dynamic token main control unit; when the compound type intelligent password equipment is connected with the external device according to judgment, the dynamic token main control unit verifies a personal identification number received by the intelligent password key main control unit and input by the user through the connected external device according to the shared password stored in the dynamic token main control unit. In this way, due to the method of unifying the intelligent password key personal identification number and a dynamic token power-on password in the compound type intelligent password equipment as one password, the situation that the user confuses the intelligent password key personal identification number and the dynamic token power-on password is avoided.

Description

A method for sharing a password in a combined intelligent encryption device
Technical field
The present invention relates to the field of information security technology, and in particular to a method for sharing a password in a combined intelligent encryption device.
Background
A combined intelligent encryption device is made up of an intelligent code key and a dynamic token. When the device is inserted into the USB port of a computer and used online, it acts as an intelligent code key; when it is not inserted into a USB port and is used offline, it acts as a dynamic token.
When the combined intelligent encryption device is used online as an intelligent code key, it powers on automatically and no startup password has to be verified, but the PIN (Personal Identification Number) of the intelligent code key must be verified. When the device is used offline as a dynamic token, the startup password of the dynamic token must be verified. In the prior art, the PIN is kept in the safety chip of the intelligent code key and the startup password is kept in the safety chip of the dynamic token, so they are two completely separate passwords: the user must verify the PIN when using the intelligent code key online and must enter the startup password when using the dynamic token offline. When the PIN and the startup password are not the same, the user very easily confuses them.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method for sharing a password in a combined intelligent encryption device, which unifies the intelligent code key PIN and the dynamic token startup password of the device into a single password so that the user does not confuse the two.
The method for sharing a password in the combined intelligent encryption device comprises the steps of:
The intelligent code key main control unit of the combined intelligent encryption device judges whether it is connected to external equipment;
When it is judged that no external equipment is connected, the dynamic token main control unit of the combined intelligent encryption device verifies, against the shared password it stores, the startup password that the user enters on the combined intelligent encryption device;
When it is judged that external equipment is connected, the dynamic token main control unit verifies, against the shared password it stores, the PIN that the user enters through the connected external equipment and that is received by the intelligent code key main control unit.
Thus, by unifying the intelligent code key PIN and the dynamic token startup password of the combined intelligent encryption device into a single password, the user is prevented from confusing the two.
Optionally, the step in which the dynamic token main control unit verifies, against the shared password it stores, the PIN received by the intelligent code key main control unit and entered by the user through the connected external equipment comprises:
The external equipment receives the PIN entered by the user;
The intelligent code key main control unit generates a random number and transmits it to the connected external equipment and to the dynamic token main control unit respectively;
The external equipment splices the PIN with the random number and applies a cryptographic operation to generate a first value, which is transmitted through the intelligent code key main control unit to the dynamic token main control unit;
The dynamic token main control unit splices the shared password with the random number and applies the cryptographic operation to generate a second value, and verifies the first value against the second value.
Thus, the shared password is used to verify the PIN.
Optionally, the cryptographic algorithm comprises a hash function operation.
Optionally, the step of judging whether external equipment is connected comprises:
The intelligent code key main control unit judges whether external equipment is connected according to whether current or voltage is present on the VCC port of its corresponding USB interface.
Optionally, the external equipment comprises a computer.
Brief description of the drawings
Fig. 1 is a schematic diagram of the combined intelligent encryption device;
Fig. 2 is a flow chart of the method for sharing a password in the combined intelligent encryption device.
Embodiment
The method for sharing a password in a combined intelligent encryption device provided by the present invention unifies the intelligent code key PIN and the dynamic token startup password of the device into a single password, so that the user does not confuse the two.
Fig. 1 is a schematic diagram of the combined intelligent encryption device; in the figure, solid lines represent the direction of data transfer and dotted lines represent the direction of current flow. The combined intelligent encryption device comprises a dynamic token main control unit 10 and an intelligent code key main control unit 20 connected by a serial port. It also comprises a button 11, a display unit 12 and a power supply unit 13, each connected to the dynamic token main control unit 10, and a USB interface 21 and a memory cell 22, each connected to the intelligent code key main control unit 20.
In the present embodiment, the intelligent code key PIN and the dynamic token startup password are unified into one shared password, which is stored in the dynamic token main control unit 10; the dynamic token main control unit 10 verifies both the identification code and the startup password against this shared password.
The intelligent code key main control unit 20 judges the operating state of the combined intelligent encryption device, which is either online working or non-online working, according to whether current flows into the VCC port of the USB interface 21. The information that the intelligent code key main control unit 20 exchanges with the computer through the USB interface 21 is stored in the memory cell 22.
The method for sharing a password in the combined intelligent encryption device comprises the following steps:
Step 200: judge whether the combined intelligent cipher key is working online.
The intelligent code key main control unit 20 checks whether there is current on the VCC port of the USB interface 21. No current means non-online working, that is, use as a dynamic token, and the method enters step 2011; current means online working, that is, use as an intelligent code key, and the method enters step 2021.
Step 2011: prompt the user to input the startup password.
When the device is used as a dynamic token, after the combined intelligent encryption device is started by the power switch, the dynamic token main control unit 10 controls the display unit 12 to output a prompt asking the user to input the startup password.
Step 2012: compare whether the startup password input by the user is consistent with the shared password.
The user inputs the startup password through the button 11, and the dynamic token main control unit 10 verifies whether the input startup password is consistent with the previously stored shared password. If it is consistent, the method enters step 2013; otherwise it enters step 2014.
Step 2013: allow the subsequent dynamic token operations and end the password check of this startup.
When the password is input correctly, the dynamic token main control unit 10 allows the user to carry out subsequent operations such as changing the password or making a transaction; the specific operations are not described further.
Step 2014: the error count of the password is decremented by 1.
When the startup password that the user inputs through the button 11 is inconsistent with the shared password, the dynamic token main control unit 10 decrements the password check error count by 1. To improve the fault tolerance of password input, the present embodiment sets the error count of the password to 3: when the user inputs a wrong password for the first time, the error count of the password becomes 2; when the user inputs a wrong password for the second time, the error count of the password becomes 1, and so on.
Step 2015: judge whether the error count of the password is 0.
When the error count of the password reaches the specified number, the method enters step 2016; when it has not reached the specified number, the method returns to step 2011.
Step 2016: the password is locked.
This ends the password identification process under non-online working.
Step 2021: prompt the user to input the PIN.
When the combined intelligent cipher key is working online, the user inputs the PIN through the computer interface.
Step 2022: the computer performs a cryptographic operation on the PIN.
The intelligent code key main control unit 20 generates a random number R and sends it to the computer through the USB interface 21 and to the dynamic token main control unit 10 through the serial port.
The computer splices the PIN input by the user with the random number R and applies a hash function operation to the spliced result. The result is denoted HASH1, and HASH1 is fed back to the intelligent code key main control unit 20 through the USB interface 21.
Step 2023: the dynamic token main control unit 10 judges whether the password error count is 0.
After receiving the above result HASH1, the intelligent code key main control unit 20 communicates with the dynamic token main control unit 10 and sends HASH1 to it.
The dynamic token main control unit 10 first checks whether the error count is 0. If the error count is 0, the method enters step 2028; otherwise it enters step 2024.
Step 2024: the dynamic token main control unit 10 verifies the PIN.
The dynamic token main control unit 10 splices the shared password with the random number R and applies the hash function operation to the spliced result; the result is denoted HASH2.
HASH1 and HASH2 are compared. If they are identical, verification passes and the method enters step 2025; if they are not identical, verification fails and the method enters step 2026.
Step 2025: allow the subsequent intelligent code key operations.
After the PIN has been verified as correct, the user can carry out transactional operations such as transfers or payments through the computer; the specific operations are not described further.
Step 2026: the error count of the PIN is decremented by 1.
The principle is the same as in step 2014. To improve the fault tolerance of PIN input, the present embodiment sets the error count of the identification code to 3: when the user inputs a wrong identification code for the first time, the error count of the identification code becomes 2; when the user inputs a wrong identification code for the second time, the error count of the identification code becomes 1, and so on.
Step 2027: judge whether the error count of the password is 0.
When the error count of the PIN reaches the specified number, the method enters step 2028; when it has not reached the specified number, the method returns to step 2021.
Step 2028: the password is locked.
This ends the password identification process under online working.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention. In short, any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.
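The offline and online checks of steps 200 to 2028, as an added sketch that is not code from the patent: it assumes SHA-256 as the hash function, a 16-byte random number R that is used for one attempt only, and a single error counter kept by the dynamic token unit for both modes. All class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

MAX_TRIES = 3  # the embodiment sets the error count to 3


def spliced_hash(secret: str, r: bytes) -> bytes:
    """Splice a secret with random number R and hash the result.
    SHA-256 is an assumption; the page only says 'hash function'."""
    return hashlib.sha256(secret.encode("utf-8") + r).digest()


class DynamicTokenUnit:
    """Dynamic token main control unit 10: sole holder of the shared password."""

    def __init__(self, shared_password: str):
        self._shared = shared_password
        self.tries_left = MAX_TRIES  # assumption: one counter for both modes
        self._r = None               # R of the pending online verification

    @property
    def locked(self) -> bool:
        return self.tries_left == 0

    def _record(self, ok: bool) -> bool:
        # Steps 2014 / 2026: a mismatch costs one try. The page does not
        # describe resetting the count on success, so neither does this.
        if not ok:
            self.tries_left -= 1
        return ok

    def verify_startup_password(self, typed: str) -> bool:
        """Offline path, steps 2012-2016: compare keypad input directly."""
        if self.locked:
            return False
        return self._record(hmac.compare_digest(
            typed.encode("utf-8"), self._shared.encode("utf-8")))

    def receive_random(self, r: bytes) -> None:
        self._r = r

    def verify_pin_hash(self, hash1: bytes) -> bool:
        """Online path, steps 2023-2028: check lock, then HASH1 == HASH2."""
        if self.locked or self._r is None:
            return False
        r, self._r = self._r, None  # assumption: each R serves one attempt
        hash2 = spliced_hash(self._shared, r)
        return self._record(hmac.compare_digest(hash1, hash2))


class SmartKeyUnit:
    """Intelligent code key main control unit 20: issues R and relays HASH1."""

    def __init__(self, token: DynamicTokenUnit):
        self._token = token

    def issue_random(self) -> bytes:
        r = secrets.token_bytes(16)    # length is an assumption
        self._token.receive_random(r)  # copy sent over the serial port
        return r                       # copy sent to the computer over USB

    def relay(self, hash1: bytes) -> bool:
        return self._token.verify_pin_hash(hash1)


def computer_hash1(pin: str, r: bytes) -> bytes:
    """Computer side, step 2022: HASH1 = H(PIN || R)."""
    return spliced_hash(pin, r)
```

Because R changes with every attempt, a HASH1 value recorded on the USB link does not verify against a later R, and the PIN itself never crosses the link in clear form. The comparison uses `hmac.compare_digest` so that its timing does not depend on how many leading bytes match.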

Claims (5)

1. A method for sharing a password in a combined intelligent encryption device, characterized in that it comprises the steps of:
The intelligent code key main control unit of the combined intelligent encryption device judges whether it is connected to external equipment;
When it is judged that no external equipment is connected, the dynamic token main control unit of the combined intelligent encryption device verifies, against the shared password it stores, the startup password that the user enters on the combined intelligent encryption device;
When it is judged that external equipment is connected, the dynamic token main control unit verifies, against the shared password it stores, the PIN that the user enters through the connected external equipment and that is received by the intelligent code key main control unit.
2. The method according to claim 1, characterized in that the step in which the dynamic token main control unit verifies, against the shared password it stores, the PIN received by the intelligent code key main control unit and entered by the user through the connected external equipment comprises:
The external equipment receives the PIN entered by the user;
The intelligent code key main control unit generates a random number and transmits it to the connected external equipment and to the dynamic token main control unit respectively;
The external equipment splices the PIN with the random number and applies a cryptographic operation to generate a first value, which is transmitted through the intelligent code key main control unit to the dynamic token main control unit;
The dynamic token main control unit splices the shared password with the random number and applies the cryptographic operation to generate a second value, and verifies the first value against the second value.
3. The method according to claim 2, characterized in that the cryptographic algorithm comprises a hash function operation.
4. The method according to claim 1, characterized in that the step of judging whether external equipment is connected comprises:
The intelligent code key main control unit judges whether external equipment is connected according to whether current or voltage is present on the VCC port of its corresponding USB interface.
5. The method according to claim 1, characterized in that the external equipment comprises a computer.
Priority Applications (1)

Application number: CN201410514434.3A; priority date: 2014-09-29; filing date: 2014-09-29; title: A method for sharing a password in a combined intelligent encryption device

Applications Claiming Priority (1)

Application number: CN201410514434.3A; priority date: 2014-09-29; filing date: 2014-09-29; title: A method for sharing a password in a combined intelligent encryption device

Publications (2)

CN104270251A (en), publication date 2015-01-07
CN104270251B (en), publication date 2018-04-06

Family

ID=52161745

Family Applications (1)

Application number: CN201410514434.3A; status: Active; publication: CN104270251B (en); priority date: 2014-09-29; filing date: 2014-09-29; title: A method for sharing a password in a combined intelligent encryption device

Country Status (1)

Country: CN (1); link: CN104270251B (en)

Also Published As

Publication number Publication date
CN104270251B (en) 2018-04-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100094, Beijing, Haidian District, West Road, No. 8, Zhongguancun Software Park, building 9, international software building E, one floor, two layers

Applicant after: BEIJING HAITAI FANGYUAN HIGH TECHNOLOGY CO., LTD.

Address before: 100094, Beijing, Haidian District, West Road, No. 8, Zhongguancun Software Park, building 9, international software building E, one floor, two layers

Applicant before: Beijing Haitai Fangyuan High Technology Co., Ltd.

COR Change of bibliographic data
GR01 Patent grant
GR01 Patent grant