CN105262594B - A kind of identity authentication method and device - Google Patents

An identity authentication method and apparatus

Info

Publication number
CN105262594B
Authority
CN
China
Prior art keywords
ukey
clone
information
certified
equipment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510650436.XA
Other languages
Chinese (zh)
Other versions
CN105262594A (en
Inventor
张建津
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Chaoyue Digital Control Electronic Co Ltd
Original Assignee
Shandong Chaoyue Digital Control Electronic Co Ltd
Application filed by Shandong Chaoyue Digital Control Electronic Co Ltd
Priority to CN201510650436.XA
Publication of CN105262594A
Application granted
Publication of CN105262594B

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides an identity authentication method and apparatus. The method includes: injecting the first information in the ukey to be cloned into a clone ukey, generating device information for the clone ukey, and injecting that device information into the clone ukey; connecting the clone ukey to the device to be authenticated; authenticating the clone ukey on the device to be authenticated according to the first information in the clone ukey; after authentication passes, entering the device to be authenticated and unbinding the ukey to be cloned from the device to be authenticated; and binding the clone ukey to the device to be authenticated according to the device information of the clone ukey. The method and apparatus can improve the security of the device to be authenticated.

Description

An identity authentication method and apparatus
Technical Field
The present invention relates to the field of computer technology, and in particular to an identity authentication method and apparatus.
Background
Identity authentication is the most basic security service. Based on cryptographic theory, it verifies the identities of both communicating parties so that access control policies can be enforced reliably. Without identity authentication, secure access control cannot be implemented, and secure operating procedures and data confidentiality are out of the question.
In the prior art, the ukey (USB key, "U-shield") is an important device for implementing identity authentication. A ukey is a small, reliable, high-speed storage device with cryptographic authentication functions that connects directly to a computer over USB. Its main characteristics are high security, strong consistency with technical specifications, good operating system compatibility, and portability and flexibility in use. A ukey can be used to authenticate a user to a device to be authenticated: when the ukey matches the device to be authenticated, the user can enter the system of that device and operate it; if the ukey does not match, the system of the device cannot be entered. When the ukey of a device to be authenticated is lost, the user cannot enter the device's system, and the lost ukey may be used by an unauthorized user, endangering the security of the device to be authenticated.
As the above description shows, in prior-art identity authentication the security of the device to be authenticated is low once the ukey is lost.
Summary of the Invention
In view of this, the present invention provides an identity authentication method and apparatus that can improve the security of the device to be authenticated.
In one aspect, the present invention provides an identity authentication method, including:
S1: Inject the first information in the ukey to be cloned into the clone ukey, generate the device information of the clone ukey, and inject the device information of the clone ukey into the clone ukey;
S2: Connect the clone ukey to the device to be authenticated;
S3: According to the first information in the clone ukey, authenticate the clone ukey on the device to be authenticated;
S4: After authentication passes, enter the device to be authenticated and unbind the ukey to be cloned from the device to be authenticated;
S5: According to the device information of the clone ukey, bind the clone ukey to the device to be authenticated.
Further, before S1 the method also includes: dividing the clone ukey into a clone area and a non-clone area in advance, and saving the first information in a database in advance;
S1 includes:
Obtaining the first information from the database and saving it in the clone area of the clone ukey;
Generating the device information of the clone ukey and saving it in the non-clone area of the clone ukey.
Further, the first information includes: first user information and the device information of the ukey to be cloned;
S5 includes: binding the clone ukey to the device to be authenticated according to the first user information in the first information and the device information of the clone ukey;
After S5, the method further includes:
Deleting the device information of the ukey to be cloned, contained in the first information, from the clone ukey.
Further, S1 also includes:
Receiving externally input second user information and injecting the second user information into the clone ukey;
S5 includes:
Obtaining administrator rights on the device to be authenticated and, using the administrator rights, adding a user account corresponding to the clone ukey on the device to be authenticated according to the second user information;
Using the administrator rights, binding the device to be authenticated to the clone ukey according to the device information of the clone ukey and the user account.
Further, the method also includes: saving in advance the authentication information corresponding to the ukey to be cloned, held on the device to be authenticated, in the trusted cryptography module (TCM) of the device to be authenticated;
S3 includes:
Starting an authentication process on the device to be authenticated, obtaining from the TCM the authentication information corresponding to the ukey to be cloned, obtaining the first information from the clone ukey, and authenticating the clone ukey using the authentication information corresponding to the ukey to be cloned and the first information.
In another aspect, the present invention provides an identity authentication apparatus, including:
An information cloning unit, configured to inject the first information in the ukey to be cloned into the clone ukey, generate the device information of the clone ukey, and inject the device information of the clone ukey into the clone ukey;
A connection unit, configured to connect the clone ukey to the device to be authenticated;
An authentication unit, configured to authenticate the clone ukey on the device to be authenticated according to the first information in the clone ukey;
An unbinding unit, configured to, after authentication passes, enter the device to be authenticated and unbind the ukey to be cloned from the device to be authenticated;
A binding unit, configured to bind the clone ukey to the device to be authenticated according to the first information and the device information of the clone ukey.
Further, the apparatus also includes:
A division unit, configured to divide the clone ukey into a clone area and a non-clone area;
A database unit, configured to save the first information;
The information cloning unit is configured to obtain the first information from the database, save the first information in the clone area of the clone ukey, generate the device information of the clone ukey, and save the device information of the clone ukey in the non-clone area of the clone ukey.
Further, the first information includes: first user information and the device information of the ukey to be cloned;
The binding unit is configured to bind the clone ukey to the device to be authenticated according to the first user information in the first information and the device information of the clone ukey;
The apparatus further includes: a deleting unit, configured to delete the device information of the ukey to be cloned, contained in the first information, from the clone ukey.
Further:
The information cloning unit is also configured to receive externally input second user information and inject the second user information into the clone ukey;
The binding unit is configured to obtain administrator rights on the device to be authenticated; using the administrator rights, add a user account corresponding to the clone ukey on the device to be authenticated according to the second user information; and, using the administrator rights, bind the device to be authenticated to the clone ukey according to the device information of the clone ukey and the user account.
Further, the apparatus also includes:
A trusted cryptography module (TCM) unit, configured to save the authentication information corresponding to the ukey to be cloned, held on the device to be authenticated, in the TCM of the device to be authenticated;
The authentication unit is configured to start an authentication process on the device to be authenticated, obtain from the TCM the authentication information corresponding to the ukey to be cloned, obtain the first information from the clone ukey, and authenticate the clone ukey using the authentication information corresponding to the ukey to be cloned and the first information.
With the identity authentication method and apparatus provided by the present invention, a lost ukey can be cloned. The lost ukey is the ukey to be cloned. The first information in the ukey to be cloned is saved to the clone ukey, and the clone ukey is authenticated on the device to be authenticated using the first information in the clone ukey. After authentication passes, the device to be authenticated can be entered and the ukey to be cloned is unbound from it, which prevents the lost ukey from being used to enter the device to be authenticated and improves the security of that device. In addition, the device to be authenticated is bound to the clone ukey using the first information and the generated device information of the clone ukey, so that the device to be authenticated can only be entered with the clone ukey, which improves its security.
Brief Description of the Drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an identity authentication method provided by an embodiment of the present invention;
Fig. 2 is a flowchart of another identity authentication method provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of an identity authentication apparatus provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of another identity authentication apparatus provided by an embodiment of the present invention.
Detailed Description
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
As shown in Fig. 1, an embodiment of the present invention provides an identity authentication method, which may include the following steps:
S1: Inject the first information in the ukey to be cloned into the clone ukey, generate the device information of the clone ukey, and inject the device information of the clone ukey into the clone ukey;
S2: Connect the clone ukey to the device to be authenticated;
S3: According to the first information in the clone ukey, authenticate the clone ukey on the device to be authenticated;
S4: After authentication passes, enter the device to be authenticated and unbind the ukey to be cloned from the device to be authenticated;
S5: According to the first information and the device information of the clone ukey, bind the clone ukey to the device to be authenticated.
With the identity authentication method provided by the embodiment of the present invention, a lost ukey can be cloned. The lost ukey is the ukey to be cloned. The first information in the ukey to be cloned is saved to the clone ukey, and the clone ukey is authenticated on the device to be authenticated using the first information in the clone ukey. After authentication passes, the device to be authenticated can be entered and the ukey to be cloned is unbound from it, which prevents the lost ukey from being used to enter the device to be authenticated and improves the security of that device. In addition, the device to be authenticated is bound to the clone ukey using the first information and the generated device information of the clone ukey, so that the device to be authenticated can only be entered with the clone ukey, which improves its security.
In one possible implementation, before S1 the method also includes: dividing the clone ukey into a clone area and a non-clone area in advance, and saving the first information in a database in advance;
S1 includes:
Obtaining the first information from the database and saving it in the clone area of the clone ukey;
Generating the device information of the clone ukey and saving it in the non-clone area of the clone ukey.
Saving the information in the ukey in the database makes it possible to generate a new ukey when a ukey is lost or fails. The database can be located at the registration end used to register ukeys. In addition, some ukeys correspond to administrators and some to ordinary users; the ukey of an administrator can also include root certificate information.
In one possible implementation, the first information includes: first user information and the device information of the ukey to be cloned;
S5 includes: binding the clone ukey to the device to be authenticated according to the first user information in the first information and the device information of the clone ukey.
After S5, the method further includes:
Deleting the device information of the ukey to be cloned, contained in the first information, from the clone ukey.
In this implementation, because the clone ukey is bound to the device to be authenticated, the device information of the ukey to be cloned that it contains is no longer needed and can be deleted from the clone ukey.
In this implementation, the user information in the first information is used to find the corresponding user account on the device to be authenticated, and the device information of the clone ukey enables interaction and mutual authentication with the device to be authenticated.
In addition, in one possible implementation, the ukey corresponding to the administrator account includes root certificate information. The administrator account can be bound to the device to be authenticated as follows: the root certificate information in the ukey is imported into the device to be authenticated, and the device checks whether the imported root certificate information is complete; if it is, the ukey device information and the user information in the ukey are imported into the device to be authenticated, and once the import succeeds the ukey is bound to the device to be authenticated. For greater security, the imported root certificate information, ukey device information and user information can be stored in the TCM (Trusted Cryptography Module) of the device to be authenticated.
The ukey corresponding to an ordinary account can be bound to the device to be authenticated as follows. The administrator account has the highest level of control: it can change the permissions of ordinary accounts and add and delete ordinary accounts. An ordinary account can only be used after it has been authorized by the administrator account, and it is bound by having the administrator account add the account. To bind an ordinary account, the administrator account logs in and uses management software to carry out operations such as binding and authorizing the ordinary account's ukey. Specifically, the ukey of the ordinary account is inserted into the device to be authenticated, and the administrator account creates the corresponding ordinary account according to the user information in that ukey.
In the embodiments of the present invention, the device information of a ukey includes user key information, authorized user information and the like. This information enables interactive authentication with the device to be authenticated. The user information is mainly used to match a user account on the device to be authenticated. Different user information corresponds to different user accounts, and different user accounts can have different permissions.
In one possible implementation, S1 further includes:
Receiving externally input second user information and injecting the second user information into the clone ukey;
S5 includes:
Obtaining administrator rights on the device to be authenticated and, using the administrator rights, adding a user account corresponding to the clone ukey on the device to be authenticated according to the second user information;
Using the administrator rights, binding the device to be authenticated to the clone ukey according to the device information of the clone ukey and the user account.
In this implementation, a user account is regenerated on the device to be authenticated from the new second user information, and that user account is bound to the clone ukey.
In one possible implementation, the method also includes: saving in advance the authentication information corresponding to the ukey to be cloned, held on the device to be authenticated, in the TCM of the device to be authenticated;
S3 includes:
Starting an authentication process on the device to be authenticated, obtaining from the TCM the authentication information corresponding to the ukey to be cloned, obtaining the first information from the clone ukey, and authenticating the clone ukey using the authentication information corresponding to the ukey to be cloned and the first information.
Saving the authentication information corresponding to the ukey to be cloned in the TCM of the device to be authenticated effectively guarantees the trustworthiness and security of the user information, and effectively prevents the user information from being tampered with illegitimately and authentication from being bypassed in order to log in.
It should be noted that, to ensure the security of the device to be authenticated, the user must have the ukey at every login. The device to be authenticated starts the user authentication process: it first interacts with the ukey to authenticate the ukey's legitimacy, then verifies the user password in challenger mode, verifies the integrity of the ukey information, and checks that the ukey binding is legitimate; finally it takes the user permissions out of the TCM, initializes the system start-up parameters, and starts the system.
To prevent an unauthorized user from logging in while the machine is powered on, the device to be authenticated can be configured with a timed re-authentication function that re-authenticates the user at preset intervals, ensuring that the ukey and the system remain in a normal login state.
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and a specific embodiment.
In this embodiment of the present invention, the device to be authenticated is a PC and the ukey to be cloned is the first ukey. The first ukey is bound to the PC: the first ukey is connected to the PC, and the PC can be logged in to only after the PC's identity authentication is passed. The first ukey is lost and needs to be cloned; the clone ukey is the second ukey. The second ukey clones the first ukey, and the PC is logged in to with the second ukey.
As shown in Fig. 2, an embodiment of the present invention provides an identity authentication method, which may include the following steps:
Step 201: Set up a database in advance that saves the first user information in the first ukey and the first device information of the first ukey.
The database can save the information in every ukey, so that a ukey can be cloned again after it is lost.
Step 202: Inject the first user information and the first device information obtained from the database into the second ukey.
Step 203: Generate the second device information of the second ukey and inject the second device information into the second ukey.
Step 204: Connect the second ukey to the PC and, according to the first user information and the first device information in the second ukey, authenticate the second ukey on the PC.
Because the first user information and the first device information are the information used for user identity authentication in the first ukey that was bound to the PC, saving them in the second ukey allows it to pass the PC's identity authentication.
Step 205: After authentication passes, enter the PC and unbind the first ukey from the PC.
Because the first ukey is lost, an unauthorized user might log in to the PC with it. To improve the security of the PC, the first ukey must be unbound from the PC so that it can no longer log in to the PC. When unbinding, the information saved on the PC for authenticating the first ukey can be deleted, or the first ukey can be marked on the PC as invalid.
Step 206: Bind the second ukey to the PC according to the first user information and the second device information.
When the second ukey is bound to the PC, no new account needs to be added on the PC; the same account as for the first ukey is used. This is more convenient for the user, who does not need to re-enter user information and continues to use the first user information from the first ukey. During binding, the PC needs to generate authentication information corresponding to the second device information, which is used to authenticate the second ukey.
Alternatively, second user information entered by the user can be received and injected into the second ukey, and a new user account generated from the second user information. The next time the user logs in to the PC with the second ukey, the newly generated user account must be used. When the first ukey is unbound from the PC, the user account on the PC that corresponds to the first ukey can also be deleted. The first user information and the first device information in the second ukey can also both be deleted.
Step 207: Delete the first device information from the second ukey.
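The recovery flow of steps 201 to 207, as an added example in Python that is not part of the patent text. It assumes that the PC's "authentication information" for a ukey is a SHA-256 digest of the user information and ukey device information, and it uses a plain dictionary as a stand-in for TCM storage; all class, function and field names and the sample values are hypothetical.

```python
"""Toy model of the ukey recovery flow (steps 201-207); illustrative only."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def auth_digest(user_info: str, device_info: str) -> str:
    # Assumption: the PC's authentication information for a ukey is a SHA-256
    # digest over the user information and the ukey device information.
    return hashlib.sha256(f"{user_info}\x00{device_info}".encode()).hexdigest()


@dataclass
class UKey:
    non_clone_area: dict                            # the token's own information
    clone_area: dict = field(default_factory=dict)  # first information from the database

    def presented(self):
        """(user_info, device_info) pairs the token offers during authentication."""
        user = self.clone_area.get("user_info", self.non_clone_area.get("user_info"))
        return [(user, area["device_info"])
                for area in (self.clone_area, self.non_clone_area)
                if "device_info" in area]


class PC:
    """Device to be authenticated; self.tcm stands in for TCM-protected storage."""

    def __init__(self):
        self.tcm = {}         # digest -> account name
        self.revoked = set()  # digests of unbound ukeys, kept for auditing

    def bind(self, user_info, device_info):
        self.tcm[auth_digest(user_info, device_info)] = user_info

    def unbind(self, user_info, device_info):
        digest = auth_digest(user_info, device_info)
        if self.tcm.pop(digest, None) is not None:
            self.revoked.add(digest)

    def authenticate(self, ukey):
        """Return the bound account name, or None if no presented pair is bound."""
        for user, device_info in ukey.presented():
            digest = auth_digest(user, device_info)
            for stored, account in self.tcm.items():
                if hmac.compare_digest(digest, stored):
                    return account
        return None


def recover(pc: PC, database: dict, lost_id: str) -> UKey:
    """Clone a lost ukey from the registration database and rebind the PC to the clone."""
    first_info = database[lost_id]                              # step 201: saved in advance
    clone = UKey(
        non_clone_area={"device_info": secrets.token_hex(16)},  # step 203: new device info
        clone_area=dict(first_info),                            # step 202: inject first info
    )
    if pc.authenticate(clone) is None:                          # step 204
        raise PermissionError("clone ukey does not match any binding on the PC")
    user, old_device = first_info["user_info"], first_info["device_info"]
    pc.unbind(user, old_device)                                 # step 205: lost ukey revoked
    pc.bind(user, clone.non_clone_area["device_info"])          # step 206: same account
    del clone.clone_area["device_info"]                         # step 207
    return clone


def demo():
    # Constructed sample record; not taken from the patent.
    database = {"ukey-1": {"user_info": "alice", "device_info": "constructed-dev-0001"}}
    lost = UKey(non_clone_area=dict(database["ukey-1"]))
    pc = PC()
    pc.bind("alice", "constructed-dev-0001")
    before = pc.authenticate(lost)
    clone = recover(pc, database, "ukey-1")
    return {
        "lost_before": before,
        "lost_after": pc.authenticate(lost),
        "clone": pc.authenticate(clone),
        "clone_area": dict(clone.clone_area),
        "bindings": len(pc.tcm),
    }


if __name__ == "__main__":
    print(demo())
```

In this model the database record still holds the first ukey's device information after recovery, so a second recovery from the same record fails at step 204.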
As shown in Fig. 3 and Fig. 4, an embodiment of the present invention provides an identity authentication apparatus. The apparatus embodiment can be implemented in software, in hardware, or in a combination of the two. At the hardware level, Fig. 3 is a hardware structure diagram of the equipment in which the identity authentication apparatus provided by the embodiment of the present invention is located; in addition to the processor, memory, network interface and non-volatile memory shown in Fig. 3, the equipment in which the apparatus is located can usually include other hardware as well, such as a forwarding chip responsible for processing messages. Taking a software implementation as an example, as shown in Fig. 4, the apparatus in the logical sense is formed by the CPU of the equipment in which it is located reading the corresponding computer program instructions from non-volatile memory into memory and running them. The identity authentication apparatus provided in this embodiment includes:
An information cloning unit 401, configured to inject the first information in the ukey to be cloned into the clone ukey, generate the device information of the clone ukey, and inject the device information of the clone ukey into the clone ukey;
A connection unit 402, configured to connect the clone ukey to the device to be authenticated;
An authentication unit 403, configured to authenticate the clone ukey on the device to be authenticated according to the first information in the clone ukey;
An unbinding unit 404, configured to, after authentication passes, enter the device to be authenticated and unbind the ukey to be cloned from the device to be authenticated;
A binding unit 405, configured to bind the clone ukey to the device to be authenticated according to the first information and the device information of the clone ukey.
In one possible implementation, the apparatus further includes:
A division unit, configured to divide the clone ukey into a clone area and a non-clone area;
A database unit, configured to save the first information;
The information cloning unit is configured to obtain the first information from the database, save the first information in the clone area of the clone ukey, generate the device information of the clone ukey, and save the device information of the clone ukey in the non-clone area of the clone ukey.
In one possible implementation, the first information includes: first user information and the device information of the ukey to be cloned;
The binding unit is configured to bind the clone ukey to the device to be authenticated according to the first user information in the first information and the device information of the clone ukey.
The apparatus further includes: a deleting unit, configured to delete the device information of the ukey to be cloned, contained in the first information, from the clone ukey.
In one possible implementation, the information cloning unit is also configured to receive externally input second user information and inject the second user information into the clone ukey;
The binding unit is configured to obtain administrator rights on the device to be authenticated; using the administrator rights, add a user account corresponding to the clone ukey on the device to be authenticated according to the second user information; and, using the administrator rights, bind the device to be authenticated to the clone ukey according to the device information of the clone ukey and the user account.
In one possible implementation, the apparatus further includes:
A trusted cryptography module (TCM) unit, configured to save the authentication information corresponding to the ukey to be cloned, held on the device to be authenticated, in the TCM of the device to be authenticated;
The authentication unit is configured to start an authentication process on the device to be authenticated, obtain from the TCM the authentication information corresponding to the ukey to be cloned, obtain the first information from the clone ukey, and authenticate the clone ukey using the authentication information corresponding to the ukey to be cloned and the first information.
The information exchange between the units of the above apparatus, their execution process and similar details are based on the same concept as the method embodiments of the present invention; for the specifics, refer to the description of the method embodiments, which is not repeated here.
The identity authentication method and apparatus provided by the embodiments of the present invention have the following beneficial effects:
1. With the identity authentication method and apparatus provided by the embodiments of the present invention, a lost ukey can be cloned. The lost ukey is the ukey to be cloned. The first information in the ukey to be cloned is saved to the clone ukey, and the clone ukey is authenticated on the device to be authenticated using the first information in the clone ukey. After authentication passes, the device to be authenticated can be entered and the ukey to be cloned is unbound from it, which prevents the lost ukey from being used to enter the device to be authenticated and improves the security of that device. In addition, the device to be authenticated is bound to the clone ukey using the first information and the generated device information of the clone ukey, so that the device to be authenticated can only be entered with the clone ukey, which improves its security.
2. The identity authentication method and apparatus provided by the embodiments of the present invention are highly reliable and easy to use, and can be embedded in a variety of authentication architectures such as system identity authentication and network identity authentication.
It should be noted that relational terms such as first and second are used herein only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any variants of them are intended to be non-exclusive, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to the process, method, article or device. Without further restriction, an element qualified by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes it.
A person of ordinary skill in the art will understand that all or some of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above are only preferred embodiments of the present invention, used to illustrate its technical solutions and not to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention falls within its scope of protection.

Claims (10)

1. An identity authentication method, characterized by comprising:
S1: injecting the first information in a ukey to be cloned into a clone ukey, generating device information of the clone ukey, and injecting the device information of the clone ukey into the clone ukey;
S2: connecting the clone ukey to equipment to be certified;
S3: performing identity authentication on the clone ukey in the equipment to be certified according to the first information in the clone ukey;
S4: after the authentication passes, entering the equipment to be certified, and unbinding the ukey to be cloned from the equipment to be certified;
S5: binding the clone ukey to the equipment to be certified according to the device information of the clone ukey.
2. The method according to claim 1, characterized by further comprising, before S1: dividing the clone ukey in advance into a clone area and a non-clone area, and saving the first information in a database in advance;
S1 comprises:
obtaining the first information from the database, and saving the first information in the clone area of the clone ukey;
generating the device information of the clone ukey, and saving the device information of the clone ukey in the non-clone area of the clone ukey.
3. The method according to claim 1, characterized in that the first information comprises: first user information and the device information of the ukey to be cloned;
S5 comprises: binding the clone ukey to the equipment to be certified according to the first user information in the first information and the device information of the clone ukey;
after S5, the method further comprises:
deleting the device information of the ukey to be cloned in the first information from the clone ukey.
4. The method according to claim 1, characterized in that S1 further comprises:
receiving externally input second user information, and injecting the second user information into the clone ukey;
S5 comprises:
obtaining the administrator right of the equipment to be certified and, by means of the administrator right and according to the second user information, adding the user account corresponding to the clone ukey in the equipment to be certified;
by means of the administrator right, binding the equipment to be certified to the clone ukey according to the device information of the clone ukey and the user account.
5. The method according to any one of claims 1-4, characterized by further comprising: saving in advance the authentication information corresponding to the ukey to be cloned in the equipment to be certified into the trusted cryptography module (TCM) of the equipment to be certified;
S3 comprises:
starting an authentication process in the equipment to be certified, obtaining from the TCM the authentication information corresponding to the ukey to be cloned, obtaining the first information from the clone ukey, and authenticating the clone ukey by means of the authentication information corresponding to the ukey to be cloned and the first information.
6. An identity authentication device, characterized by comprising:
an information cloning unit, configured to inject the first information in a ukey to be cloned into a clone ukey, generate device information of the clone ukey, and inject the device information of the clone ukey into the clone ukey;
a connection unit, configured to connect the clone ukey to equipment to be certified;
an authentication unit, configured to perform identity authentication on the clone ukey in the equipment to be certified according to the first information in the clone ukey;
an unbinding unit, configured to, after the authentication passes, enter the equipment to be certified and unbind the ukey to be cloned from the equipment to be certified;
a binding unit, configured to bind the clone ukey to the equipment to be certified according to the first information and the device information of the clone ukey.
7. The device according to claim 6, characterized by further comprising:
a division unit, configured to divide the clone ukey into a clone area and a non-clone area;
a database unit, configured to save the first information;
the information cloning unit is configured to obtain the first information from the database, save the first information in the clone area of the clone ukey, generate the device information of the clone ukey, and save the device information of the clone ukey in the non-clone area of the clone ukey.
8. The device according to claim 6, characterized in that the first information comprises: first user information and the device information of the ukey to be cloned;
the binding unit is configured to bind the clone ukey to the equipment to be certified according to the first user information in the first information and the device information of the clone ukey;
the device further comprises: a deleting unit, configured to delete the device information of the ukey to be cloned in the first information from the clone ukey.
9. The device according to claim 6, characterized by comprising:
the information cloning unit is further configured to receive externally input second user information and inject the second user information into the clone ukey;
the binding unit is configured to obtain the administrator right of the equipment to be certified; by means of the administrator right and according to the second user information, add the user account corresponding to the clone ukey in the equipment to be certified; and, by means of the administrator right, bind the equipment to be certified to the clone ukey according to the device information of the clone ukey and the user account.
10. The device according to any one of claims 6-9, characterized by further comprising:
a trusted cryptography module (TCM) unit, configured to save the authentication information corresponding to the ukey to be cloned in the equipment to be certified into the TCM of the equipment to be certified;
the authentication unit is configured to start an authentication process in the equipment to be certified, obtain from the TCM the authentication information corresponding to the ukey to be cloned, obtain the first information from the clone ukey, and authenticate the clone ukey by means of the authentication information corresponding to the ukey to be cloned and the first information.
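The flow of claims 1, 2, 3 and 5, modelled as an added sketch that is not part of the patent text: it shows that once S4 and S5 have run, the lost ukey and any further copy of the database record are refused while the clone is accepted. Assumptions, since the claims name no concrete scheme: the authentication information is a SHA-256 digest of the first information, a dictionary stands in for the TCM, unbinding and binding are modelled as removing and writing the TCM record, and all class names, function names and sample values are constructed.

```python
import hashlib
import hmac
import secrets

def auth_info(user, ukey_device_info):
    # Assumption: the authentication information is a SHA-256 digest of the
    # first information (user info + ukey device info); the claims name no scheme.
    return hashlib.sha256(f"{user}|{ukey_device_info}".encode()).digest()

class UKey:
    def __init__(self, device_info, first_info):
        self.clone_area = dict(first_info)                  # holds the first information
        self.non_clone_area = {"device_info": device_info}  # this ukey's own identity

    def identity(self):
        # Until claim 3's deletion runs, a clone presents the lost ukey's device info.
        own = self.non_clone_area["device_info"]
        return self.clone_area["user"], self.clone_area.get("ukey_device_info", own)

class Device:
    def __init__(self):
        self.tcm = {}  # stand-in for the TCM: ukey device info -> authentication info

    def bind(self, user, ukey_device_info):
        self.tcm[ukey_device_info] = auth_info(user, ukey_device_info)

    def authenticate(self, ukey):                           # S3, and every later login
        user, dev = ukey.identity()
        stored = self.tcm.get(dev)
        return stored is not None and hmac.compare_digest(stored, auth_info(user, dev))

    def rebind(self, clone):
        if not self.authenticate(clone):                    # S3
            return False
        user, lost_dev = clone.identity()
        del self.tcm[lost_dev]                              # S4: unbind the lost ukey
        self.bind(user, clone.non_clone_area["device_info"])  # S5: bind the clone
        clone.clone_area.pop("ukey_device_info", None)      # claim 3: drop lost device info
        return True

def demo():
    database = {"user": "alice", "ukey_device_info": "UKEY-LOST-0001"}  # constructed
    device = Device()
    device.bind(database["user"], database["ukey_device_info"])
    lost = UKey("UKEY-LOST-0001", database)
    clone = UKey("UKEY-" + secrets.token_hex(4), database)  # S1: inject and generate
    before = device.authenticate(lost)
    rebound = device.rebind(clone)                          # S2 is the physical connection
    return before, rebound, device.authenticate(lost), device.authenticate(clone)
```

`demo()` returns whether the lost ukey was accepted before rebinding, whether rebinding succeeded, and whether the lost ukey and the clone are accepted afterwards.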
CN201510650436.XA 2015-10-10 2015-10-10 A kind of identity authentication method and device Active CN105262594B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510650436.XA CN105262594B (en) 2015-10-10 2015-10-10 A kind of identity authentication method and device

Publications (2)

Publication Number Publication Date
CN105262594A CN105262594A (en) 2016-01-20
CN105262594B true CN105262594B (en) 2018-08-31

Family

ID=55102116

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510650436.XA Active CN105262594B (en) 2015-10-10 2015-10-10 A kind of identity authentication method and device

Country Status (1)

Country Link
CN (1) CN105262594B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant