CN104660412A - Password-less security authentication method and system for mobile equipment

Publication number: CN104660412A
Application number: CN201410566121.2A
Authority: CN (China)
Original language: Chinese (zh)
Inventor: 张先利
Original and current assignee: Nanjing Ze Ben Information Technology Co Ltd
Legal status: Pending (an assumption by Google Patents, not a legal conclusion)
Prior art keywords: module, cipher, signature value, information, key module
Landscapes: Mobile Radio Communication Systems
Abstract

The invention relates to a password-less security authentication method and system for mobile equipment. The method comprises: a key-module starting step, in which the condition for starting the key module is that fingerprint verification passes; a key-module calling step, in which the key module generates a key pair and a random number, signs the random number and transmits the related information to an application server; and a signature-value verification step, in which the application server verifies the signature value, determines that the operation succeeded if the signature verifies and that it failed otherwise, and transmits the result to the client module. The method and system solve the problem of security authentication for mobile equipment.

Description

Password-less security authentication method and system for a mobile device
Technical field
The present invention relates to software, cryptography and the field of communication security, and in particular to the field of password authentication techniques.
Background
The present invention involves concepts such as public/private key systems and biometric recognition. A public/private key system is an asymmetric cryptographic technique, distinct from traditional symmetric cryptography: encryption and decryption use different key operands, namely a public key and a private key that form a pair. The technique is widely used in Internet encryption, digital signatures and other security contexts. Biometric characteristics are physical or behavioural features of the human body such as fingerprint, iris and voice; they are unique, and the present invention adopts the fingerprint. By combining the two techniques, public/private key systems and fingerprint recognition, the present invention systematically solves the security authentication problem of the mobile Internet era. It can specifically be used for mobile-phone payment security authentication, mobile-phone application security authentication and enterprise USB fingerprint certificate authentication.
In practice, HTC, Samsung, Huawei and others have provided hardware-level fingerprint authentication solutions in the phones they have released. These schemes, however, focus on fingerprint recognition and have certain limitations. Take the Mate7 fingerprint technology Huawei released on 1 September 2014, the first domestically released standard scheme for fingerprint payment. It stores the fingerprint features in a protected region of the CPU, which solves local authentication on the phone; but business security and communication security are still left to the specific application, and in Huawei's scheme they must be ensured by the Alipay authentication system.
The currently popular mode of fingerprint recognition plus application authentication still needs a password, and some manufacturers store the fingerprint features on the (remote) server side. This has two problems. One is privacy leakage: although it is hard to reconstruct a fingerprint image from the feature data, the features are unique after all, and once leaked they still pose a security risk. The other is that fingerprint verification is local verification (at most it proves that this phone is being used by its user) and cannot by itself guarantee business and communication security (for example, that authentication information is not tampered with in transit).
Summary of the invention
The present invention corrects the tendency of other schemes to emphasise fingerprint recognition while neglecting business and communication security, and proposes a complete technical solution. It is built on fingerprint recognition and a public/private key system and combines the advantages of both: fingerprint recognition is the foundation, a hardware-implemented public/private key module is the core, and the integrated application of both in a mobile device is the core feature of the invention. It solves the security authentication problem of mobile devices and applications, and is particularly suitable for security authentication on fingerprint-equipped phones. The specific technical solution is as follows:
A password-less security authentication method for a mobile device, comprising:
a step of starting the fingerprint recognition module: the mobile-phone application client receives the ID entered by the user (for example a user name) and starts the fingerprint recognition module; the fingerprint recognition module reads the fingerprint and compares it with the information stored in the module; if verification passes, the key module is started; if verification fails, authentication fails and the result is sent to the client;
a step of calling the key module: the key module generates a key pair and a random number, signs the random number, stores the keys in the key module's reserved area and sends the relevant information to the application server;
a step of verifying the signature value: the application server verifies the signature value; if verification passes, the operation-success step is completed and the result is sent to the client module; if verification fails, the operation fails and the result is sent to the client module.
The invention further relates to a password-less security authentication system for a mobile device, comprising a client module, a key module and an application server, wherein
the client module is used to start the key module;
the key module is used, after being started by the client module, to generate a key pair and a random number, sign the random number, and send the relevant information to the application server;
the application server is used to verify the signature value; if verification passes, the operation-success step is completed and the result is sent to the client module; if verification fails, the operation fails and the result is sent to the client module.
The technical solution can be divided into three parts.
Part I is the fingerprint recognition module. It is based on existing technology or schemes, and this solution does not concern itself with the specific implementation of the existing module, but requires that: 1. it is implemented in hardware; 2. the fingerprint information is stored on the mobile device; 3. the stored fingerprint information cannot be read from outside, and only information unrelated to the concrete fingerprint features, such as whether verification passed or the number of enrolled fingerprints, can be read. At present most phones with a fingerprint recognition module meet these requirements.
Part II is the public/private key generation module (the key module), which is the core of the scheme. It must: 1. be implemented in hardware and have computing capability (the algorithms fixed in the chip, a reserved storage area, and the ability to compute); 2. be able to generate a public/private key pair, with the private key stored in the module's protected area and unreadable from outside, while the public key can be accessed externally; 3. be able to generate a random number and compute a signature over it, with the random number and the signature value readable from outside; 4. support algorithm selection (RSA, DSA, ElGamal or similar) and key lengths of 512, 1024 and 2048 bits, selected according to the required key strength.
Part III is the interaction process among the fingerprint recognition module, the public/private key generation module and the specific application. Designing according to this solution resolves the authentication, business and communication security problems.
The beneficial effects of the invention are as follows:
The invention solves the security authentication problem of mobile devices by combining fingerprint authentication (verification on the mobile terminal) with public/private key authentication (business authentication and communication security), securing the whole process.
Because the core module of the invention is the public/private key generation module and it is implemented in hardware, different applications can share "the password": they share the private key and share the public key.
Description of the drawings
Fig. 1 is the security authentication module and registration flow chart of embodiment one;
Fig. 2 is the security authentication module and login flow chart of embodiment two.
Embodiments
The specific scheme of the invention applies in various environments. There are several typical application scenarios.
1. Mobile application authentication: scenarios such as user registration, login and key modification.
2. Mobile-phone payment security: an extension of 1. For mobile payment it ensures the security authentication of the mobile terminal and the security of the communication process, protecting funds.
3. Privacy protection: because a public/private key system and a random-number "password" are used, and the user need not enter anything, the security risks of conventional passwords are removed at the root, making brute-force cracking entirely infeasible.
4. Enterprise internal security: a public/private key fingerprint USB-key certificate requires no password entry and ensures transmission security from the hardware layer.
5. Other scenarios that are unsuitable for passwords and need back-end authentication.
Below, with reference to the drawings and embodiments, four scenarios illustrate the detailed authentication process of this scheme for specific applications. It is assumed that the user has already enrolled a fingerprint.
Embodiment one: user registration; the interaction sequence of the modules is as in Fig. 1.
a. The user enters user ID information identifying themself, such as a user name (1 in the figure). b. The fingerprint module is called (1.1) to perform fingerprint verification, that is, the user's fingerprint is read and compared with the fingerprint stored in the fingerprint module; if verification passes (1.1.1, 1.1.2), go to c; if it does not pass, verification failure is returned (1.1.3). c. The key module is called (2) to generate a key pair (2.1) and a random number (2.2) and to sign the random number (2.3); the key pair is stored in the key module's reserved area. d. The main information, namely the user ID information, the random number, the signature value and the public key information, is sent to the application server (3); the application server verifies the signature value (3.1); if it passes, the server stores the user ID information and the public key information (3.2) and completes registration (3.3); if verification does not pass (3.4), registration fails (3.5).
Of the above steps, only process a requires the user's participation; the other processes are performed automatically by the system designed according to this scheme.
Embodiment two: user login authentication; the interaction sequence of the modules is as in Fig. 2.
a. The user enters user ID information identifying themself. b. The fingerprint module is called (1.1) to perform fingerprint verification; if verification passes (1.1.1, 1.1.2), go to c; if it does not pass, verification failure is returned (1.1.3). c. The key module is called (2) to generate a random number (2.1) and to sign the random number (2.2). d. The main information, namely the user ID information, the random number and the signature value (here without the public key information), is sent to the application server (3); the application server verifies the signature value (3.1); if verification passes (3.2), login succeeds (3.3); if verification does not pass (3.4), login fails (3.5).
Embodiment three: the user modifies the key pair
Modifying the key pair is similar to modifying a "password". The process is similar to user registration (embodiment one): local fingerprint authentication must pass first, then the key pair, the random number and the signature value are regenerated, and the server verifies and stores them (updating the existing record).
Embodiment four: processing when the device is lost
When the user's device is lost, it is difficult to associate the account with a fingerprint on a new device. In that case the account is first recovered by traditional means, such as a mobile-phone verification code, an e-mail verification code or a password hint; a new key pair is then generated, following the process of embodiment three.
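The three parts of the solution and the exchanges of embodiments one to three, as an added example that is not part of the patent. It assumes a textbook RSA signature over SHA-256 in place of the hardware key module (the patent allows RSA, DSA or ElGamal and names no padding scheme, so this illustrates the message flow rather than production signing), models the fingerprint module as a constant-time template comparison, and adds one server-side check the patent does not describe: because the random number is chosen and signed by the device rather than issued by the server, a captured (user ID, random number, signature value) triple would verify again if resubmitted, so the server remembers the random numbers it has accepted and rejects repeats. The re-key of embodiment three is kept as described, a new pair signing a fresh random number, with no signature under the previous key.

```python
"""Added example, not the patent's code: registration, login and re-key exchanges of embodiments
one to three with the three parts described above, standard library only. Assumed: textbook RSA
over SHA-256 as the key module (the patent names no padding), a template-equality fingerprint
module, and a server-side nonce cache that the patent does not describe."""
import hashlib
import hmac
import math
import secrets

def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test, enough for a demo key module."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, exact bit length
        if _is_probable_prime(cand):
            return cand

def _digest_int(nonce: bytes) -> int:
    return int.from_bytes(hashlib.sha256(nonce).digest(), "big")

class FingerprintModule:
    """Part I: holds the enrolled template and exports only pass/fail, never the template."""
    def __init__(self, enrolled_template: bytes):
        self._template = enrolled_template
    def verify(self, presented: bytes) -> bool:
        return hmac.compare_digest(self._template, presented)

class KeyModule:
    """Part II: the private exponent never leaves the object; public key, nonce and signature do."""
    def __init__(self, bits: int = 1024):
        self._bits, self._d, self.public_key = bits, None, None
    def generate_keypair(self) -> tuple:
        e = 65537
        while True:
            p, q = _random_prime(self._bits // 2), _random_prime(self._bits // 2)
            phi = (p - 1) * (q - 1)
            if p != q and math.gcd(e, phi) == 1:
                break
        self._d = pow(e, -1, phi)  # modular inverse, Python 3.8+
        self.public_key = (p * q, e)
        return self.public_key
    def sign_fresh_nonce(self) -> tuple:
        nonce = secrets.token_bytes(32)  # step c: module-generated random number
        return nonce, pow(_digest_int(nonce), self._d, self.public_key[0])

def verify_signature(public_key: tuple, nonce: bytes, sig: int) -> bool:
    n, e = public_key
    return 0 < sig < n and pow(sig, e, n) == _digest_int(nonce)

class AppServer:
    """Part III, server side. `seen` is the added replay cache the patent does not describe."""
    def __init__(self):
        self.users, self.seen = {}, set()
    def _fresh_and_valid(self, public_key: tuple, nonce: bytes, sig: int) -> bool:
        if nonce in self.seen or not verify_signature(public_key, nonce, sig):
            return False
        self.seen.add(nonce)
        return True
    def register(self, user_id: str, nonce: bytes, sig: int, public_key: tuple) -> bool:
        if not self._fresh_and_valid(public_key, nonce, sig):
            return False  # Fig. 1: 3.4 -> 3.5
        self.users[user_id] = public_key  # Fig. 1: 3.2; also the record update of embodiment three
        return True
    def login(self, user_id: str, nonce: bytes, sig: int) -> bool:
        public_key = self.users.get(user_id)  # Fig. 2: verify against the registered public key
        return public_key is not None and self._fresh_and_valid(public_key, nonce, sig)

def client_flow(server: AppServer, fp: FingerprintModule, km: KeyModule,
                user_id: str, finger: bytes, operation: str) -> bool:
    # Steps a-d; `operation` is 'register', 'login' or 'rekey'. Only `finger` needs the user.
    if not fp.verify(finger):  # step b: the key module starts only after a fingerprint match
        return False
    if operation in ("register", "rekey"):
        public_key = km.generate_keypair()  # embodiment three regenerates the pair
        nonce, sig = km.sign_fresh_nonce()
        return server.register(user_id, nonce, sig, public_key)
    nonce, sig = km.sign_fresh_nonce()
    return server.login(user_id, nonce, sig)
```

With a real module the private exponent would live in the chip's protected area and `sign_fresh_nonce` would be a call across its interface; here the `_d` attribute stands in for that boundary. A server that wants freshness without a nonce cache would instead issue the challenge itself, which is a departure from the flow in Fig. 1 and Fig. 2.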

Claims (9)

1. A password-less security authentication method for a mobile device, characterised in that it comprises:
a step of starting the key module: the client receives user ID information and starts the fingerprint recognition module; the fingerprint recognition module reads the user's fingerprint and compares it with the fingerprint information stored in the fingerprint module; if verification passes, the key module is started; if verification fails, authentication fails and the result is sent to the client;
a step of calling the key module: the key module generates a key pair and a random number, signs the random number, and sends the relevant information to the application server;
a step of verifying the signature value: the application server verifies the signature value; if verification passes, the operation-success step is completed and the result is sent to the client module; if verification fails, the operation fails and the result is sent to the client module.
2. The password-less security authentication method for a mobile device according to claim 1, characterised in that the key module is implemented in hardware and provided with a dedicated storage area for storing the public key and the private key, and the private key cannot be read from outside.
3. The password-less security authentication method for a mobile device according to claim 1, characterised in that the key module has algorithm selection, key-length selection and computing capability.
4. The password-less security authentication method for a mobile device according to claim 1, characterised in that the relevant information in the step of calling the key module comprises the user ID, the random number, the signature value and the public key.
5. The password-less security authentication method for a mobile device according to claim 1, characterised in that, in the step of verifying the signature value, the operation-success step comprises the application server storing the user ID and the public key information and generating authentication-success information.
6. The password-less security authentication method for a mobile device according to claim 1, characterised in that the relevant information in the step of calling the key module comprises the user ID information, the random number and the signature value.
7. The method according to claim 1, characterised in that, in the step of verifying the signature value, the operation-success step comprises the application server generating authentication-success information.
8. A password-less security authentication system for a mobile device, characterised in that it comprises a client module, a key module and an application server, wherein
the client module is used to start the key module;
the key module is used, after being started by the client module, to generate a key pair and a random number, sign the random number, and send the relevant information to the application server;
the application server is used to verify the signature value; if verification passes, the operation-success step is completed and the result is sent to the client module; if verification fails, the operation fails and the result is sent to the client module.
9. The password-less security authentication system for a mobile device according to claim 6, characterised in that the client module comprises a client and a fingerprint recognition module; the client is used to receive user ID information and start the fingerprint recognition module; the fingerprint recognition module is used to read the user's fingerprint, compare it with the information stored in the fingerprint module and verify it; if verification passes, the key module is started; if verification fails, authentication fails and the result is sent to the client.
Bibliographic data

Application CN201410566121.2A, filed 2014-10-22 (priority date 2014-10-22), by Nanjing Ze Ben Information Technology Co Ltd: Password-less security authentication method and system for mobile equipment.
Publication CN104660412A, published 2015-05-27; status pending.
Family ID 53251148; country status: CN.

Patent Citations (4)

* Cited by examiner, † Cited by third party
CN2609069Y * (priority 2002-04-03, published 2004-03-31), 杭州中正生物认证技术有限公司: Fingerprint digital signature device
CN101340285A * (priority 2007-07-05, published 2009-01-07), 杭州中正生物认证技术有限公司: Method and system for identity authentication by fingerprint USB key
CN101631020A * (priority 2008-07-16, published 2010-01-20), 上海方立数码科技有限公司: Identity authentication system combining fingerprint identification and a PKI system
CN101778102A * (priority 2009-12-31, published 2010-07-14), 卓望数码技术(深圳)有限公司: Security authentication method for a sensor, sensor and authentication system thereof

Legal Events

C06 / PB01: Publication (application publication date 2015-05-27)
C10 / SE01: Entry into substantive examination; entry into force of the request for substantive examination
CB02: Change of applicant information
    Address before: Building No. 3, Ping Chong Park, No. 37 General Road, Jiangning District, Nanjing, Jiangsu 210000
    Address after: Building 2, No. 18 Phoenix Road, Yuhua Development Zone, Nanjing, Jiangsu 210000
    Applicant before and after: Nanjing Ze Ben Information Technology Co., Ltd
COR: Change of bibliographic data
RJ01: Rejection of invention patent application after publication